ID de Prueba:	1.3.6.1.4.1.25623.1.0.108778
Categoría:	Huawei
Título:	Huawei Data Communication: SQL Injection Vulnerabilities in Huawei UMA Product (huawei-sa-20171116-01-uma)
Resumen:	There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product.;; This VT has been deprecated and is therefore no longer functional.
Descripción:	Summary: There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product. This VT has been deprecated and is therefore no longer functional. Vulnerability Insight: There is a SQL injection vulnerability in the operation and maintenance module of Huawei UMA Product. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries. (Vulnerability ID: HWPSIRT-2017-08159)This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-15329. Huawei has released software updates to fix this vulnerability. This advisory is available in the linked references. Vulnerability Impact: By exploiting this vulnerability, an attacker can execute arbitrary SQL queries. Affected Software/OS: UMA versions V200R001C00 Solution: See the referenced vendor advisory for a solution. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-15329
Copyright	Copyright (C) 2020 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.