Back to search
CVE-2021-28488
Published: Mar 8, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.ericsson.com
x_refsource_MISC
https://www.gruppotim.it/it/footer/red-team.html
x_refsource_MISC
https://www.ericsson.com/en/about-us/enterprise-security/psirt
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now