Vulnerability Details : CVE-2021-22298
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
Products affected by CVE-2021-22298
- cpe:2.3:a:huawei:manageone:6.5.1.1:b020:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:b030:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:b040:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b070:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc1.b080:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b040:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b050:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b060:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b070:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b080:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:rc2.b090:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc100.b050:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b010:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc101.b040:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b010:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b030:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b040:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b050:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b060:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:6.5.1.1:spc200.b070:*:*:*:*:*:*
- cpe:2.3:a:huawei:manageone:8.0.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-22298
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 27 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-22298
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
8.0
|
2.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
2.8
|
3.6
|
NIST |
References for CVE-2021-22298
-
https://www.oracle.com/security-alerts/cpujan2022.html
Oracle Critical Patch Update Advisory - January 2022Not Applicable;Third Party Advisory
-
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en
Security Advisory - Logic Vulnerability in Huawei Gauss100 ProductVendor Advisory
Jump to