Cross-Site Scripting Vulnerability in OSS-RC Systems by Ericsson
CVE-2021-32569

6.1 MEDIUM

Key Information:

Vendor: Ericsson
CVE Published: 14 October 2021

What is CVE-2021-32569?

Ericsson OSS-RC systems, specifically versions 18B and older, are susceptible to a Cross-Site Scripting (XSS) vulnerability when customer documentation is browsed through the ALEX interface. Attackers can exploit this vulnerability to inject malicious scripts, potentially compromising the confidentiality or integrity of user data. Users are strongly advised to transition to ELEX, the new Ericsson library browsing tool, which resolves these security concerns. Organizations should also ensure they are running supported product versions.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved