Test Kennung:	1.3.6.1.4.1.25623.1.0.108778
Kategorie:	Huawei
Titel:	Huawei Data Communication: SQL Injection Vulnerabilities in Huawei UMA Product (huawei-sa-20171116-01-uma)
Zusammenfassung:	There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product.;; This VT has been deprecated and is therefore no longer functional.
Beschreibung:	Summary: There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product. This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. (Vulnerability ID: HWPSIRT-2017-08159)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15329. Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Vulnerability Impact: By exploiting this vulnerability, an attacker can execute arbitrary SQL queries. Affected Software/OS: UMA versions V200R001C00 Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-15329
Copyright	Copyright (C) 2020 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.