{"containers": {"cna": {"affected": [{"product": "ManageOne", "vendor": "n/a", "versions": [{"status": "affected", "version": "6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"}]}], "descriptions": [{"lang": "en", "value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."}], "problemTypes": [{"descriptions": [{"description": "Logic", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-07T14:41:30.000Z", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22298", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ManageOne", "version": {"version_data": [{"version_value": "6.5.1.1.B020,6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Logic"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en", "refsource": "CONFIRM", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:37:18.486Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22298", "datePublished": "2021-02-06T01:31:07.000Z", "dateReserved": "2021-01-05T00:00:00.000Z", "dateUpdated": "2024-08-03T18:37:18.486Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*", "matchCriteriaId": "4042FC49-4FC7-46B4-8D14-ECACF22A9860", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*", "matchCriteriaId": "A4D8799F-9ADD-442F-BC39-4BCAFBFFBE2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*", "matchCriteriaId": "535597A4-29C8-44A8-9008-4F4E10030531", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:*", "matchCriteriaId": "43839F73-570C-47F7-863C-1648884423FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:*", "matchCriteriaId": "186BE073-131F-4B46-BD3D-A2BFEE1B8B2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:*", "matchCriteriaId": "22A7E167-9739-49D4-9A77-AF1AF9A078E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:*", "matchCriteriaId": "A9BC229B-6867-4FEA-925B-6B01AFC0301F", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:*", "matchCriteriaId": "D1B4DD08-EF8C-4E20-9940-13A7F2E33405", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:*", "matchCriteriaId": "74918254-E81D-4F4A-AB43-6A47B04D9670", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:*", "matchCriteriaId": "1FC764B8-9EDA-44B8-9879-125FB2CBAAB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:*", "matchCriteriaId": "A9E37AAA-C721-4BE9-9BF3-26D6ECC2EE6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*", "matchCriteriaId": "C59C64B0-D42D-4515-BD2B-4FE5C7F48BE6", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*", "matchCriteriaId": "698B071C-FC52-40CD-BBA7-53426051F504", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*", "matchCriteriaId": "F6461FE1-99CC-48E4-8134-F17D895511F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*", "matchCriteriaId": "FE5AE38A-627F-4337-949D-A5811D6859EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*", "matchCriteriaId": "29FEC933-0E52-496B-A2B3-C84E65E5B430", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*", "matchCriteriaId": "16F30BF5-4510-4AC7-8B12-6D4126C2DC60", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*", "matchCriteriaId": "37090D37-0CDF-464B-9509-4F465D20C8C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*", "matchCriteriaId": "83B2B033-F12C-487E-8245-3F5BBF59BBC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*", "matchCriteriaId": "1ADF4433-A950-4A00-A4F7-12F766B4C947", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*", "matchCriteriaId": "7FF3EB4D-6892-4572-B1D6-6183FE8B8D66", "vulnerable": true}, {"criteria": "cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4C07C03B-18BA-4EA3-A73F-3E6E839252F0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de l\u00f3gica en el producto Huawei Gauss100 OLTP. Un atacante con determinados permisos podr\u00eda llevar a cabo una sentencia SQL espec\u00edfica para explotar esta vulnerabilidad. Debido a un dise\u00f1o de seguridad insuficiente, una explotaci\u00f3n con \u00e9xito puede causar un servicio anormal. Las versiones del producto afectadas incluyen: ManageOne versiones 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5 .1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200 .B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090"}], "id": "CVE-2021-22298", "lastModified": "2024-11-21T05:49:51.903", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-06T02:15:12.603", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"}, {"source": "psirt@huawei.com", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}