CVE-2022-46407
low-risk
Published 2023-06-29
Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10
Medium
NETWORK
/ LOW complexity
Affected Products (1)
Network Manager
Affected Vendors
References (2)
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
Third Party Advisory
https://www.gruppotim.it/it/footer/red-team.html
25
/ 100
low-risk
Severity
19/34 · Moderate
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal