Vulnerability Description
There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Manageone | 6.5.1.1 |
References
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2022.htmlNot ApplicableThird Party Advisory
- https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210113-01-gauss-Vendor Advisory
- https://www.oracle.com/security-alerts/cpujan2022.htmlNot ApplicableThird Party Advisory
FAQ
What is CVE-2021-22298?
CVE-2021-22298 is a vulnerability with a CVSS score of 6.5 (MEDIUM). There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security de...
How severe is CVE-2021-22298?
CVE-2021-22298 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22298?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Manageone.