CVE-2021-22298

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
huaweiCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
huaweimanageone
6.5.1.1:b020
huaweimanageone
6.5.1.1:b030
huaweimanageone
6.5.1.1:b040
huaweimanageone
6.5.1.1:rc1.b070
huaweimanageone
6.5.1.1:rc1.b080
huaweimanageone
6.5.1.1:rc2.b040
huaweimanageone
6.5.1.1:rc2.b050
huaweimanageone
6.5.1.1:rc2.b060
huaweimanageone
6.5.1.1:rc2.b070
huaweimanageone
6.5.1.1:rc2.b080
huaweimanageone
6.5.1.1:rc2.b090
huaweimanageone
6.5.1.1:spc100.b050
huaweimanageone
6.5.1.1:spc101.b010
huaweimanageone
6.5.1.1:spc101.b040
huaweimanageone
6.5.1.1:spc200
huaweimanageone
6.5.1.1:spc200.b010
huaweimanageone
6.5.1.1:spc200.b030
huaweimanageone
6.5.1.1:spc200.b040
huaweimanageone
6.5.1.1:spc200.b050
huaweimanageone
6.5.1.1:spc200.b060
huaweimanageone
6.5.1.1:spc200.b070
huaweimanageone
8.0.0
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en
https://www.oracle.com/security-alerts/cpujan2022.html