CVE-2021-22298 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2021-22298

Analyzed

More Info Official Page

Source-psirt@huawei.com

Published At-06 Feb, 2021 | 02:15

Updated At-29 Mar, 2022 | 16:39

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P

CPE Matches

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>6.5.1.1

cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*

Huawei Technologies Co., Ltd.

>>manageone>>8.0.0

cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en	psirt@huawei.com	Vendor Advisory
https://www.oracle.com/security-alerts/cpujan2022.html	psirt@huawei.com	Not Applicable Third Party Advisory