VARIoT IoT vulnerabilities database


VAR-201711-0967 CVE-2017-8129 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001.
VAR-201711-0966 CVE-2017-8128 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, authority, and access control. Information may be acquired or falsified, and a denial of service (DoS) may occur. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001.
VAR-201711-0965 CVE-2017-8127 UMA Cross-site scripting vulnerability in product software CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit.
VAR-201711-0964 CVE-2017-8126 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001.
VAR-201711-0963 CVE-2017-8125 UMA Cross-site scripting vulnerability in product software CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The UMA product with software V200R001 and V300R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. An attacker could craft malicious links or scripts to launch XSS attacks. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit.
VAR-201711-0962 CVE-2017-8124 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001.
VAR-201711-0961 CVE-2017-8123 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001.
VAR-201711-0959 CVE-2017-8121 UMA Information disclosure vulnerability in product software CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit it to obtain some sensitive information, causing an information leak. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit.
VAR-201711-0960 CVE-2017-8122 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The Huawei Unified Maintenance Audit (UMA) system is prone to a local privilege-escalation vulnerability. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001.
VAR-201711-0958 CVE-2017-8120 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001.
VAR-201711-0957 CVE-2017-8119 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001.
VAR-201711-0956 CVE-2017-8118 UMA Information disclosure vulnerability in product software CVSS V2: 2.1
CVSS V3: 2.3
Severity: LOW
The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit it to obtain some sensitive information, causing an information leak. Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit.
VAR-201711-0954 CVE-2017-8193 FusionSphere OpenStack Command injection vulnerability CVSS V2: 7.7
CVSS V3: 8.0
Severity: HIGH
FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending a message with malicious commands. FusionSphere OpenStack contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios. The vulnerability is caused by insufficient input validation in the program.
VAR-201711-0955 CVE-2017-8117 UMA Vulnerabilities related to authorization, authority, and access control in product software CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges. The UMA product software contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei UMA is an IT core resource operation and maintenance management and security audit platform from Huawei (China). Through centralized management and control of accounts, authentication, authorization and audit of various IT resources, the platform can meet users' needs for IT operation and maintenance management, IT internal control and external audit. There is a privilege escalation vulnerability in Huawei UMA V200R001 and V300R001.
VAR-201711-0953 CVE-2017-8192 FusionSphere OpenStack Authorization vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation. FusionSphere OpenStack contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios.
VAR-201711-0951 CVE-2017-8190 FusionSphere OpenStack Vulnerability in digital signature verification CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software. FusionSphere OpenStack contains a vulnerability in the verification of digital signatures. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios.
VAR-201711-0950 CVE-2017-8189 FusionSphere OpenStack Path traversal vulnerability CVSS V2: 3.6
CVSS V3: 6.0
Severity: MEDIUM
FusionSphere OpenStack V100R006C00SPC102(NFV) has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to overwrite some files, causing service abnormalities. FusionSphere OpenStack contains a path traversal vulnerability. Information may be tampered with and service operation may be disrupted (DoS). Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios. Attackers can exploit this vulnerability to overwrite files, resulting in service exceptions.
VAR-201711-0952 CVE-2017-8191 FusionSphere OpenStack Vulnerabilities in the use of cryptographic algorithms CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
FusionSphere OpenStack V100R006C00SPC102(NFV) has a weak cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause an information leak on the transmission links. Huawei FusionSphere OpenStack is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios.
VAR-201711-0931 CVE-2017-8168 FusionSphere OpenStack Information disclosure vulnerability in Japanese software CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
FusionSphere OpenStack with software V100R006C00SPC102(NFV) and V100R006C10 has an information leak vulnerability. Due to an incorrect configuration item, the information transmitted by a transmission channel is not encrypted. An attacker accessing the internal network may obtain the sensitive information transmitted. Huawei FusionSphere OpenStack is cloud platform software from Huawei (China) for FusionSphere (cloud operating system) in ICT scenarios.
VAR-201711-0239 CVE-2017-2723 Huawei Files Information disclosure vulnerability in applications CVSS V2: 2.1
CVSS V3: 6.7
Severity: MEDIUM
The Files APP 7.1.1.308 and earlier versions in some Huawei mobile phones have a vulnerability of plaintext storage of users' Safe passwords. An attacker with the root privilege of an Android system could forge the Safe to read users' plaintext Safe passwords, leading to an information leak. The Huawei Files application contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Files APP is a file management application from the Chinese company Huawei. The vulnerability stems from the fact that the program stores the user's Safe password in plain text.