ID

VAR-201509-0509


TITLE

Huawei Enterprise Information Engine SQL Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-07447 // CNNVD: CNNVD-201510-760

DESCRIPTION

Huawei Enterprise Information Engine (EIE) is an enterprise information machine product from China's Huawei. It supports integrating industry customers' applications with mobile communication business applications to deliver mobile data applications. Huawei EIE contains a SQL injection vulnerability that originates from the program's insufficient filtering of user-submitted input before it constructs SQL query statements. Attackers can use this vulnerability to control applications, access or modify data, or exploit potential vulnerabilities in the underlying database. The vulnerability exists in Huawei EIE V400R001. Other versions may also be affected. Huawei Enterprise Information Engine is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

Trust: 1.35

sources: CNVD: CNVD-2015-07447 // CNNVD: CNNVD-201510-760 // BID: 76869

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-07447

AFFECTED PRODUCTS

vendor: huawei model: enterprise information engine v400r001 scope: - version: -

Trust: 0.9

vendor: huawei model: enterprise proxy server scope: eq version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-07447 // BID: 76869

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-07447
value: HIGH

Trust: 0.6

CNVD: CNVD-2015-07447
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-07447

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-760

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201510-760

PATCH

title: Huawei Enterprise Information Engine SQL Injection Vulnerability Patch
url: https://www.cnvd.org.cn/patchinfo/show/66589

Trust: 0.6

sources: CNVD: CNVD-2015-07447

EXTERNAL IDS

db: BID id: 76869

Trust: 1.5

db: CNVD id: CNVD-2015-07447

Trust: 0.6

db: CNNVD id: CNNVD-201510-760

Trust: 0.6

db: WOOYUN id: WOOYUN-2010-0123639

Trust: 0.3

sources: CNVD: CNVD-2015-07447 // BID: 76869 // CNNVD: CNNVD-201510-760

REFERENCES

url: http://www.securityfocus.com/bid/76869

Trust: 1.2

url: http://www.wooyun.org/bugs/wooyun-2010-0123639/

Trust: 0.3

url: http://www.huawei.com

Trust: 0.3

url: http://www1.huawei.com/en/security/psirt/security-bulletins/security-notices/archive/hw-455619.htm

Trust: 0.3

sources: CNVD: CNVD-2015-07447 // BID: 76869 // CNNVD: CNNVD-201510-760

CREDITS

WooYun

Trust: 0.9

sources: BID: 76869 // CNNVD: CNNVD-201510-760

SOURCES

db: CNVD id: CNVD-2015-07447
db: BID id: 76869
db: CNNVD id: CNNVD-201510-760

LAST UPDATE DATE

2022-05-17T02:02:28.315000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2015-07447 date: 2015-11-12T00:00:00
db: BID id: 76869 date: 2015-09-29T00:00:00
db: CNNVD id: CNNVD-201510-760 date: 2015-10-30T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2015-07447 date: 2015-11-12T00:00:00
db: BID id: 76869 date: 2015-09-29T00:00:00
db: CNNVD id: CNNVD-201510-760 date: 2015-09-29T00:00:00