Details of VAR-202102-0638

ID

VAR-202102-0638

CVE

CVE-2021-22298

TITLE

Huawei Gauss100 OLTP Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-003366

DESCRIPTION

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. Huawei Gauss100 OLTP The product contains unspecified vulnerabilities.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Huawei Manageone is a set of cloud data center management solutions of China Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance

Trust: 2.34

sources: NVD: CVE-2021-22298 // JVNDB: JVNDB-2021-003366 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380733 // VULMON: CVE-2021-22298

AFFECTED PRODUCTS

vendor:	huawei	model:	manageone	scope:	eq	version:	8.0.0	Trust: 1.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1	Trust: 1.0
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b080	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b050	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	-	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b090	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc101.b040	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc1.b070	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b060	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b030	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b070	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b040	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc101.b010	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b030	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b060	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b050	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc1.b080	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.1.b020	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc100.b050	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b010	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b040	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1rc2.b070	Trust: 0.8
vendor:	huawei	model:	manageone	scope:	eq	version:	6.5.1.spc200.b040	Trust: 0.8

sources: JVNDB: JVNDB-2021-003366 // NVD: CVE-2021-22298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22298
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22298
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202102-565
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380733
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22298
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22298
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380733
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22298
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22298
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380733 // VULMON: CVE-2021-22298 // JVNDB: JVNDB-2021-003366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-565 // NVD: CVE-2021-22298

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-003366 // NVD: CVE-2021-22298

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202102-565

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-565

PATCH

title:	huawei-sa-20210113-01-gauss	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en	Trust: 0.8
title:	Huawei Manageone Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140962	Trust: 0.6

sources: JVNDB: JVNDB-2021-003366 // CNNVD: CNNVD-202102-565

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22298	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-003366	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-565	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052719	Trust: 0.6
db:	VULHUB	id:	VHN-380733	Trust: 0.1
db:	VULMON	id:	CVE-2021-22298	Trust: 0.1

sources: VULHUB: VHN-380733 // VULMON: CVE-2021-22298 // JVNDB: JVNDB-2021-003366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-565 // NVD: CVE-2021-22298

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en	Trust: 1.8
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22298	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052719	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380733 // VULMON: CVE-2021-22298 // JVNDB: JVNDB-2021-003366 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202102-565 // NVD: CVE-2021-22298

SOURCES

db:	VULHUB	id:	VHN-380733
db:	VULMON	id:	CVE-2021-22298
db:	JVNDB	id:	JVNDB-2021-003366
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202102-565
db:	NVD	id:	CVE-2021-22298

LAST UPDATE DATE

2024-11-23T19:27:42.398000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380733	date:	2022-03-29T00:00:00
db:	VULMON	id:	CVE-2021-22298	date:	2021-02-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-003366	date:	2021-10-25T08:30:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202102-565	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-22298	date:	2024-11-21T05:49:51.903

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380733	date:	2021-02-06T00:00:00
db:	VULMON	id:	CVE-2021-22298	date:	2021-02-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-003366	date:	2021-10-25T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202102-565	date:	2021-02-05T00:00:00
db:	NVD	id:	CVE-2021-22298	date:	2021-02-06T02:15:12.603