CVE-2021-22298

EUVD-2021-9444
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
huaweimanageone
6.5.1.1:b020
huaweimanageone
6.5.1.1:b030
huaweimanageone
6.5.1.1:b040
huaweimanageone
6.5.1.1:rc1.b070
huaweimanageone
6.5.1.1:rc1.b080
huaweimanageone
6.5.1.1:rc2.b040
huaweimanageone
6.5.1.1:rc2.b050
huaweimanageone
6.5.1.1:rc2.b060
huaweimanageone
6.5.1.1:rc2.b070
huaweimanageone
6.5.1.1:rc2.b080
huaweimanageone
6.5.1.1:rc2.b090
huaweimanageone
6.5.1.1:spc100.b050
huaweimanageone
6.5.1.1:spc101.b010
huaweimanageone
6.5.1.1:spc101.b040
huaweimanageone
6.5.1.1:spc200
huaweimanageone
6.5.1.1:spc200.b010
huaweimanageone
6.5.1.1:spc200.b030
huaweimanageone
6.5.1.1:spc200.b040
huaweimanageone
6.5.1.1:spc200.b050
huaweimanageone
6.5.1.1:spc200.b060
huaweimanageone
6.5.1.1:spc200.b070
huaweimanageone
8.0.0
𝑥
= Vulnerable software versions
References
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-en
https://www.oracle.com/security-alerts/cpujan2022.html