|
Initial Release Date: November 1, 2022 Vulnerability ID CVE ID:CVE-2022-39069 CNNVD ID:CNNVD-2022-86784847 CVSS 3.1 Base Score 4.3 Medium (AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) Description There is a SQL injection vulnerability in ZTE ZAIP-AIE. Due to lack of input verification by the server, an attacker could trigger an attack by building malicious requests. Exploitation of this vulnerability could cause the leakage of the current table content. Affected Products and Fixes Product Name | Affected Version | Resolved Version | ZAIP-AIE | ZAIP-AIEV8.22.01 | ZAIP-AIEV8.22.02 |
Source The vulnerability was found by ZTE's internal test. Update Records November 1, 2022, initial. Version Update Method Please refer to the ZAIP-AIE upgrade manual to perform the upgrade. Global Customer Support Center http://support.zte.com.cn/support/web/Contact.aspx?langType=en ZTE PSIRT https://www.zte.com.cn/global/cybersecurity/ztepsirt.html
|