Vulnerability Name: CVE-2021-22298 (CCN-196423) Assigned: 2021-01-13 Published: 2021-01-13 Updated: 2022-03-29 Summary: There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090. CVSS v3 Severity: 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H )5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H )6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): High
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Denial of Service References: Source: MITRE Type: CNACVE-2021-22298 Source: XF Type: UNKNOWNhuawei-cve202122298-dos(196423) Source: CCN Type: huawei-sa-20210113-01-gaussLogic Vulnerability in Huawei Gauss100 Product Source: CONFIRM Type: Vendor Advisoryhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en Source: MISC Type: Not Applicable, Third Party Advisoryhttps://www.oracle.com/security-alerts/cpujan2022.html Vulnerable Configuration: Configuration 1 :cpe:/a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:* OR cpe:/a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:* OR cpe:/a:huawei:manageone:8.0.0:-:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:huawei:manageone:8.0.0:-:*:*:*:*:*:* Denotes that component is vulnerable Oval Definitions BACK
huawei manageone 6.5.1.1 b020
huawei manageone 6.5.1.1 b030
huawei manageone 6.5.1.1 b040
huawei manageone 6.5.1.1 rc1.b070
huawei manageone 6.5.1.1 rc1.b080
huawei manageone 6.5.1.1 rc2.b040
huawei manageone 6.5.1.1 rc2.b050
huawei manageone 6.5.1.1 rc2.b060
huawei manageone 6.5.1.1 rc2.b070
huawei manageone 6.5.1.1 rc2.b080
huawei manageone 6.5.1.1 rc2.b090
huawei manageone 6.5.1.1 spc100.b050
huawei manageone 6.5.1.1 spc101.b010
huawei manageone 6.5.1.1 spc101.b040
huawei manageone 6.5.1.1 spc200
huawei manageone 6.5.1.1 spc200.b010
huawei manageone 6.5.1.1 spc200.b030
huawei manageone 6.5.1.1 spc200.b040
huawei manageone 6.5.1.1 spc200.b050
huawei manageone 6.5.1.1 spc200.b060
huawei manageone 6.5.1.1 spc200.b070
huawei manageone 8.0.0
huawei manageone 8.0.0