CVE-2021-22298
First published: Sat Feb 06 2021(Updated: )
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
Credit: psirt@huawei.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Huawei ManageOne | =6.5.1.1-b020 | |
| Huawei ManageOne | =6.5.1.1-b030 | |
| Huawei ManageOne | =6.5.1.1-b040 | |
| Huawei ManageOne | =6.5.1.1-rc1.b070 | |
| Huawei ManageOne | =6.5.1.1-rc1.b080 | |
| Huawei ManageOne | =6.5.1.1-rc2.b040 | |
| Huawei ManageOne | =6.5.1.1-rc2.b050 | |
| Huawei ManageOne | =6.5.1.1-rc2.b060 | |
| Huawei ManageOne | =6.5.1.1-rc2.b070 | |
| Huawei ManageOne | =6.5.1.1-rc2.b080 | |
| Huawei ManageOne | =6.5.1.1-rc2.b090 | |
| Huawei ManageOne | =6.5.1.1-spc100.b050 | |
| Huawei ManageOne | =6.5.1.1-spc101.b010 | |
| Huawei ManageOne | =6.5.1.1-spc101.b040 | |
| Huawei ManageOne | =6.5.1.1-spc200 | |
| Huawei ManageOne | =6.5.1.1-spc200.b010 | |
| Huawei ManageOne | =6.5.1.1-spc200.b030 | |
| Huawei ManageOne | =6.5.1.1-spc200.b040 | |
| Huawei ManageOne | =6.5.1.1-spc200.b050 | |
| Huawei ManageOne | =6.5.1.1-spc200.b060 | |
| Huawei ManageOne | =6.5.1.1-spc200.b070 | |
| Huawei ManageOne | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22298?
CVE-2021-22298 is a logic vulnerability in the Huawei Gauss100 OLTP Product.
How does CVE-2021-22298 affect Huawei ManageOne?
CVE-2021-22298 affects certain versions of Huawei ManageOne, including 6.5.1.1-b020, 6.5.1.1-b030, 6.5.1.1-b040, and more.
What is the severity of CVE-2021-22298?
CVE-2021-22298 has a severity rating of 6.5 (medium).
How can an attacker exploit CVE-2021-22298?
An attacker with certain permissions can exploit CVE-2021-22298 by performing specific SQL statements.
How can I fix CVE-2021-22298?
To fix CVE-2021-22298, it is recommended to apply the necessary security patches provided by Huawei.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/huawei
- canonical/huawei manageone
- version/huawei manageone/6.5.1.1-b020
- version/huawei manageone/6.5.1.1-b030
- version/huawei manageone/6.5.1.1-b040
- version/huawei manageone/6.5.1.1-rc1.b070
- version/huawei manageone/6.5.1.1-rc1.b080
- version/huawei manageone/6.5.1.1-rc2.b040
- version/huawei manageone/6.5.1.1-rc2.b050
- version/huawei manageone/6.5.1.1-rc2.b060
- version/huawei manageone/6.5.1.1-rc2.b070
- version/huawei manageone/6.5.1.1-rc2.b080
- version/huawei manageone/6.5.1.1-rc2.b090
- version/huawei manageone/6.5.1.1-spc100.b050
- version/huawei manageone/6.5.1.1-spc101.b010
- version/huawei manageone/6.5.1.1-spc101.b040
- version/huawei manageone/6.5.1.1-spc200
- version/huawei manageone/6.5.1.1-spc200.b010
- version/huawei manageone/6.5.1.1-spc200.b030
- version/huawei manageone/6.5.1.1-spc200.b040
- version/huawei manageone/6.5.1.1-spc200.b050
- version/huawei manageone/6.5.1.1-spc200.b060
- version/huawei manageone/6.5.1.1-spc200.b070
- version/huawei manageone/8.0.0