iPECS NMS 30M
by Ericsson-LG
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10285 | Cri | 0.68 | 9.8 | 0.13 | Apr 22, 2018 | The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | ||
| CVE-2018-9245 | Cri | 0.67 | 9.8 | 0.04 | Apr 22, 2018 | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | ||
| CVE-2018-10286 | Hig | 0.61 | 8.8 | 0.07 | Apr 22, 2018 | The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext,… | ||
| CVE-2018-15138 | Hig | 0.50 | 7.5 | 0.13 | Aug 15, 2018 | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. |
- risk 0.68cvss 9.8epss 0.13
The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication.
- risk 0.67cvss 9.8epss 0.04
The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.
- risk 0.61cvss 8.8epss 0.07
The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext,…
- risk 0.50cvss 7.5epss 0.13
Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs.