Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Ericsson Catalog Manager by Ericsson

    CVE-2024-25011 (GCVE-0-2024-25011)

    Vulnerability from nvd – Published: 2025-09-18 11:38 – Updated: 2025-09-18 13:31
    VLAI
    Title
    Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability
    Summary
    Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-18T13:31:25.336493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-18T13:31:46.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Ericsson Catalog Manager",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "22.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "22.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Ericsson Order Care",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "22.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "22.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."
                }
              ],
              "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-18T11:38:18.371Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2024-25011"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."
                }
              ],
              "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2024-25011",
        "datePublished": "2025-09-18T11:38:18.371Z",
        "dateReserved": "2024-02-02T21:33:13.076Z",
        "dateUpdated": "2025-09-18T13:31:46.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-25011 (GCVE-0-2024-25011)

    Vulnerability from cvelistv5 – Published: 2025-09-18 11:38 – Updated: 2025-09-18 13:31
    VLAI
    Title
    Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability
    Summary
    Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25011",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-18T13:31:25.336493Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-18T13:31:46.260Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Ericsson Catalog Manager",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "22.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "22.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "Ericsson Order Care",
              "vendor": "Ericsson",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "22.7",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "22.6",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."
                }
              ],
              "value": "Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-18T11:38:18.371Z",
            "orgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
            "shortName": "ERIC"
          },
          "references": [
            {
              "url": "https://www.ericsson.com/en/about-us/security/psirt/cve-2024-25011"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Ericsson Catalog Manager and Ericsson Order Care - Exposure of Sensitive Information Vulnerability",
          "workarounds": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."
                }
              ],
              "value": "If you are unable to upgrade to the fixed versions where the required flag will be enabled by default, authentication checks can be configured under System Configuration to remediate the issue."
            }
          ],
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
        "assignerShortName": "ERIC",
        "cveId": "CVE-2024-25011",
        "datePublished": "2025-09-18T11:38:18.371Z",
        "dateReserved": "2024-02-02T21:33:13.076Z",
        "dateUpdated": "2025-09-18T13:31:46.260Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }