» 2022 » 1월

Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability .Successful exploitation of this vulnerability may cause the directory is traversed.

Source: CVE-2021-37126

CVE-2021-37119

Posted on 2022년 1월 4일2022년 1월 4일 by admin

CVE-2021-37119

There is a Service logic vulnerability in Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS.

Source: CVE-2021-37119

CVE-2021-37132

Posted on 2022년 1월 4일2022년 1월 4일 by admin

CVE-2021-37132

PackageManagerService has a Permissions, Privileges, and Access Controls vulnerability .Successful exploitation of this vulnerability may cause that Third-party apps can obtain the complete list of Harmony apps without permission.

Source: CVE-2021-37132

CVE-2021-37112

Posted on 2022년 1월 4일2022년 1월 4일 by admin

CVE-2021-37112

Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful exploitation of this vulnerability may lead to Firmware leak.

Source: CVE-2021-37112

CVE-2021-20148

Posted on 2022년 1월 4일2022년 1월 4일 by admin

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another domain by authenticating to the service and then sending a request specifying the password policy file of the other domain.

Source: CVE-2021-20148

CVE-2021-20147

Posted on 2022년 1월 4일2022년 1월 4일 by admin

CVE-2021-20147

ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. This allows an unauthenticated remote attacker to determine whether a Windows domain user exists.

Source: CVE-2021-20147