PT-2023-14930 · Ericsson · Ericsson Network Manager

Andrea Carlo Maria Dattola +1 · Published 2023-06-29 · Updated 2023-07-06 · CVE-2022-46407

CVSS v3.1

4.8 (Medium)

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Ericsson Network Manager (ENM) versions prior to 22.2

Description

The issue concerns a vulnerability in the REST endpoint "editprofile" where Open Redirect HTTP Header Injection can occur, potentially leading to the redirection of submitted requests to domains outside the control of the ENM deployment. An attacker would need admin or elevated access to exploit this issue.

Recommendations

For versions prior to 22.2, update to version 22.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the "editprofile" endpoint to minimize the risk of exploitation.

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

CVE-2022-46407

Affected Products

Ericsson Network Manager