CVE-2021-32569
Published on: 10/14/2021 12:00:00 AM UTC
Last Modified on: 10/20/2021 07:26:00 PM UTC
Certain versions of Operations Support System-radio And Core from Ericsson contain the following vulnerability:
** UNSUPPORTED WHEN ASSIGNED ** In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to.
- CVE-2021-32569 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
CVSS3 Score: 6.1 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
CHANGED | LOW | LOW | NONE |
CVSS2 Score: 4.3 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | MEDIUM | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
NONE | PARTIAL | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Gruppo TIM | Vulnerability Research & Advisor | www.gruppotim.it text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Hardware | Ericsson | Operations Support System-radio And Core | - | All | All | All |
Operating System | Ericsson | Operations Support System-radio And Core Firmware | All | All | All | All |
- cpe:2.3:h:ericsson:operations_support_system-radio_and_core:-:*:*:*:*:*:*:*:
- cpe:2.3:o:ericsson:operations_support_system-radio_and_core_firmware:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-32569 : In OSS-RC systems of the release 18B and older customer documentation browsing libraries under A… twitter.com/i/web/status/1… | 2021-10-14 17:05:07 |