HIGH🇬🇧 English

CVE-2021-37105

CVSS 7.5v3.1pub. 2021-09-28upd. 2024-11-21

There is an improper file upload control vulnerability in FusionCompute 6.5.0, 6.5.1 and 8.0.0. Due to the improper verification of file to be uploaded and does not strictly restrict the file access path, attackers may upload malicious files to the device, resulting in the service abnormal.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Huawei Fusioncompute

    APP
    Huawei
    6.5.06.5.18.0.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-9233CRITICAL9.1ten sam produkt

FusionCompute 8.0.0 have an insufficient authentication vulnerability. An attacker may exploit the vulnerabili...

CVE-2020-9222HIGH7.0ten sam produkt

There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verificatio...

CVE-2020-9236HIGH8.8ten sam produkt

There is an improper interface design vulnerability in Huawei product. A module interface of the impated produ...

CVE-2021-37102HIGH8.8ten sam produkt

There is a command injection vulnerability in CMA service module of FusionCompute product when processing the ...

CVE-2021-37106HIGH7.2ten sam produkt

There is a command injection vulnerability in CMA service module of FusionCompute 6.3.0, 6.3.1, 6.5.0 and 8.0....