PT-2022-9892 · Ericsson · Ericsson Network Manager

Alessandro Bosco +2 · Published 2022-03-08 · Updated 2022-07-12 · CVE-2021-28488

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Ericsson Network Manager versions prior to 21.2

Description: The issue concerns incorrect access-control behavior, affecting users with highly privileged roles. It allows users within the same AMOS authorization group to retrieve managed-network data not intended for their access, specifically data restricted to a subset of the group.

Recommendations: For Ericsson Network Manager versions prior to 21.2, update to version 21.2 or later to resolve the issue.

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related Identifiers

CVE-2021-28488

Affected Products

Ericsson Network Manager