Ericsson Network Manager
by Ericsson
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27258 | 0.00 | — | 0.00 | Oct 13, 2025 | Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. | |||
| CVE-2025-27259 | 0.00 | — | 0.00 | Oct 13, 2025 | Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. | |||
| CVE-2024-25007 | 0.00 | — | 0.00 | Apr 4, 2024 | Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity… | |||
| CVE-2023-39909 | 0.00 | — | 0.01 | Dec 7, 2023 | Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | |||
| CVE-2022-46408 | 0.00 | — | 0.01 | Jun 29, 2023 | Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected… | |||
| CVE-2021-32570 | 0.00 | — | 0.01 | Aug 25, 2022 | In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized… | |||
| CVE-2021-28488 | 0.00 | — | 0.01 | Mar 8, 2022 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was… |
- CVE-2025-27258Oct 13, 2025risk 0.00cvss —epss 0.00
Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
- CVE-2025-27259Oct 13, 2025risk 0.00cvss —epss 0.00
Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
- CVE-2024-25007Apr 4, 2024risk 0.00cvss —epss 0.00
Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity…
- CVE-2023-39909Dec 7, 2023risk 0.00cvss —epss 0.01
Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
- CVE-2022-46408Jun 29, 2023risk 0.00cvss —epss 0.01
Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected…
- CVE-2021-32570Aug 25, 2022risk 0.00cvss —epss 0.01
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized…
- CVE-2021-28488Mar 8, 2022risk 0.00cvss —epss 0.01
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was…