CVE-2015-2253

Published: Jun 8, 2017Modified: May 13, 2026

5.0

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.3 / Impact: 3.6

Source: NVD

Description

The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.

Affected (1)

Products: Huawei: Oceanstor Uds Firmware

Huawei

1 product

Oceanstor Uds Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Oceanstor Uds Firmware	Up to v100r002c01spc101

Running on/with	Platform Versions
Huawei Oceanstor Uds	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417837.htm

Source: cve@mitre.org

Vendor Advisory

http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-417837.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.