ID

VAR-201802-0536


CVE

CVE-2017-15329


TITLE

SQL injection vulnerability in Huawei UMA

Trust: 0.8

sources: JVNDB: JVNDB-2017-012455

DESCRIPTION

Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker who logs in to the system as a common user can send crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries.

Huawei UMA is an operation and maintenance management and security audit platform for core IT resources, from Huawei (China). By centrally managing and controlling accounts, authentication, authorization and audit for various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit.

Trust: 1.71

sources: NVD: CVE-2017-15329 // JVNDB: JVNDB-2017-012455 // VULHUB: VHN-106140

AFFECTED PRODUCTS

vendor: huawei, model: uma, scope: eq, version: v200r001c00

Trust: 1.6

vendor: huawei, model: unified maintenance and audit, scope: eq, version: v200r001c00

Trust: 0.8

sources: JVNDB: JVNDB-2017-012455 // CNNVD: CNNVD-201711-1128 // NVD: CVE-2017-15329

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-15329
value: HIGH

Trust: 1.0

NVD: CVE-2017-15329
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-1128
value: MEDIUM

Trust: 0.6

VULHUB: VHN-106140
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-15329
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-106140
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-15329
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-106140 // JVNDB: JVNDB-2017-012455 // CNNVD: CNNVD-201711-1128 // NVD: CVE-2017-15329

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-106140 // JVNDB: JVNDB-2017-012455 // NVD: CVE-2017-15329

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1128

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-1128

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-012455

PATCH

title: huawei-sa-20171116-01-uma, url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en

Trust: 0.8

title: Huawei UMA SQL Repair measures for injecting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76788

Trust: 0.6

sources: JVNDB: JVNDB-2017-012455 // CNNVD: CNNVD-201711-1128

EXTERNAL IDS

db: NVD, id: CVE-2017-15329

Trust: 2.5

db: JVNDB, id: JVNDB-2017-012455

Trust: 0.8

db: CNNVD, id: CNNVD-201711-1128

Trust: 0.6

db: VULHUB, id: VHN-106140

Trust: 0.1

sources: VULHUB: VHN-106140 // JVNDB: JVNDB-2017-012455 // CNNVD: CNNVD-201711-1128 // NVD: CVE-2017-15329

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15329

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-15329

Trust: 0.8

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171116-01-uma-en

Trust: 0.6

sources: VULHUB: VHN-106140 // JVNDB: JVNDB-2017-012455 // CNNVD: CNNVD-201711-1128 // NVD: CVE-2017-15329

CREDITS

Jianfeng.Li of DBAPPSecurity Ltd

Trust: 0.6

sources: CNNVD: CNNVD-201711-1128

SOURCES

db: VULHUB, id: VHN-106140
db: JVNDB, id: JVNDB-2017-012455
db: CNNVD, id: CNNVD-201711-1128
db: NVD, id: CVE-2017-15329

LAST UPDATE DATE

2024-11-23T23:12:15.167000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-106140, date: 2018-02-26T00:00:00
db: JVNDB, id: JVNDB-2017-012455, date: 2018-03-09T00:00:00
db: CNNVD, id: CNNVD-201711-1128, date: 2017-11-30T00:00:00
db: NVD, id: CVE-2017-15329, date: 2024-11-21T03:14:28.520

SOURCES RELEASE DATE

db: VULHUB, id: VHN-106140, date: 2018-02-15T00:00:00
db: JVNDB, id: JVNDB-2017-012455, date: 2018-03-09T00:00:00
db: CNNVD, id: CNNVD-201711-1128, date: 2017-11-30T00:00:00
db: NVD, id: CVE-2017-15329, date: 2018-02-15T16:29:00.203