Improper access control

2018-02-1516:29:00

PRIOn knowledge base

www.prio-n.com

3.8 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal.

CPENameOperatorVersion
oceanstor_2800_firmwareeq300r3c0-v
oceanstor_2800_firmwareeq300r3c20-v
oceanstor_5300_firmwareeq300r3c0-v
oceanstor_5300_firmwareeq300r3c10-v
oceanstor_5300_firmwareeq300r3c20-v
oceanstor_5500_firmwareeq300r3c0-v
oceanstor_5500_firmwareeq300r3c10-v
oceanstor_5500_firmwareeq300r3c20-v
oceanstor_5600_firmwareeq300r3c0-v
oceanstor_5600_firmwareeq300r3c10-v

Name	Operator	Version
oceanstor_2800_firmware	eq	300r3c0-v
oceanstor_2800_firmware	eq	300r3c20-v
oceanstor_5300_firmware	eq	300r3c0-v
oceanstor_5300_firmware	eq	300r3c10-v
oceanstor_5300_firmware	eq	300r3c20-v
oceanstor_5500_firmware	eq	300r3c0-v
oceanstor_5500_firmware	eq	300r3c10-v
oceanstor_5500_firmware	eq	300r3c20-v
oceanstor_5600_firmware	eq	300r3c0-v
oceanstor_5600_firmware	eq	300r3c10-v