CVE-2022-46407

Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint editprofile where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
ericssonnetwork_manager
𝑥
< 22.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.gruppotim.it/it/footer/red-team.html
https://www.gruppotim.it/it/footer/red-team.html