La Sostenibilità per TIM

Il Report 2024 accoglie i principi della Corporate Sustainability Reporting Directive (CSRD) ed è incluso nella Relazione Finanziaria e di Sostenibilità. Approfondisci

Facebook Twitter Linkedin Copia Link

tag

CVE-2022-46408

CVE-2022-46408 – Ericsson Network Manager (ENM)

Vulnerability Description: Improper Neutralization of Formula Elements in a CSV File– CWE-1236

Software Version: < 22.1

NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-46408

CVSv3: 6.8

Severity: Medium

Credits: Andrea Carlo Maria Dattola, Massimiliano Brolli

Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability.