VYPR

ECM

by Ericsson

CVEs (2)

  • CVE-2021-41390HigSep 17, 2021
    risk 0.52cvss 8.0epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Provider Endpoint in the User Profile Management Section is vulnerable to CSV Injection.

  • CVE-2021-41391MedSep 17, 2021
    risk 0.35cvss 5.4epss 0.01

    In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.