CVE-2016-3675

SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.

CVSS v3 8.1 HIGH
CVSS v2.0 6.5 MEDIUM

8.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:huawei:policy_center:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:huawei:policy_center_firmware:v100r003c00:::::::*
	cpe:2.3:o:huawei:policy_center_firmware:v100r003c10:::::::*

History

13 Sep 2021, 10:51

Type	Values Removed	Values Added
CPE	cpe:2.3:a:huawei:policy_center_firmware:v100r003c10:::::::* cpe:2.3:a:huawei:policy_center_firmware:v100r003c00:::::::*	cpe:2.3:o:huawei:policy_center_firmware:v100r003c00:::::::* cpe:2.3:o:huawei:policy_center_firmware:v100r003c10:::::::*

Information

Published : 2016-04-11 15:59

Updated : 2024-02-04 18:53

NVD link : CVE-2016-3675

Mitre link : CVE-2016-3675

CVE.ORG link : CVE-2016-3675

JSON object : View

Products Affected

huawei

policy_center_firmware
policy_center

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2016-3675", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2016-04-11T15:59:08.720", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160325-01-policycenter-en", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Huawei Policy Center con software en versiones anteriores a V100R003C10SPC020 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s de vectores no especificados relacionados con bases de datos de sistema."}], "lastModified": "2021-09-13T10:51:10.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:policy_center:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4911A36-7D5E-40E5-B716-353D163AC905"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:policy_center_firmware:v100r003c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53EF701A-5CBA-4295-B8CC-1D20ED578FC1"}, {"criteria": "cpe:2.3:o:huawei:policy_center_firmware:v100r003c10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBE85C1E-FE3D-4D7B-A5B3-861FAED2B406"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}