Improper Permission Assignment in Huawei ManageOne
CVE-2021-22311

7.2HIGH

Key Information:

Vendor: Huawei
Status: Manageone
Vendor: CVE Published:; 22 March 2021

What is CVE-2021-22311?

An improper permission assignment vulnerability exists in Huawei ManageOne due to inadequate security hardening. This flaw allows processes to execute with elevated privileges, potentially enabling certain users to perform operations without the necessary permissions. Affected users and organizations should apply relevant security patches to mitigate this risk, particularly for versions 8.0.0 and 8.0.1, as detailed in the Huawei security advisory.

Affected Version(s)

ManageOne 8.0.0,8.0.1

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2021
Vulnerability Reserved
Jan 5, 2021