Summaryinfo

A vulnerability, which was classified as problematic, has been found in Huawei FusionCompute. Affected by this issue is some unknown functionality. The manipulation leads to access control (User). This vulnerability is documented as CVE-2015-8336. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability was found in Huawei FusionCompute and classified as problematic. This issue affects an unknown functionality. The manipulation with an unknown input leads to a access control vulnerability (User). Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality. The summary by CVE is:

Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors.

The weakness was released 04/14/2016 (Website). It is possible to read the advisory at www1.huawei.com. The identification of this vulnerability is CVE-2015-8336 since 11/23/2015. The attack may be initiated remotely. The successful exploitation needs a simple authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading to version V100R005C10SPC700 eliminates this vulnerability.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• Huawei

Name

• FusionCompute

Version

• 6.0.0
• 6.3.0
• 6.3.1
• 6.5.0
• 6.5.1
• 8.0.0
• V100R005C00
• V100R005C10
• V100R005C10CP7002

License

• commercial

Website

• Vendor: https://www.huawei.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion