GCVE - cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:ericsson:network_manager:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Ericsson (`198bbf36-f632-548c-bd14-c61a678abe8e`)
Product	Network Manager (`8e37126c-a50a-5651-b1b5-7cc10d9f5b4e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-27259`	vulnerable	2026-06-03 15:00:11.962873	Ericsson Network Manager: improper neutralization of user controlled input Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains. Published: 2025-10-13T06:16:37.104Z Updated: 2025-10-14T16:06:38.469Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-27258`	vulnerable	2026-06-03 15:00:11.962281	Ericsson Network Manager: escalation of privilege vulnerability Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. Published: 2025-10-13T06:25:32.326Z Updated: 2025-10-14T15:29:59.253Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-25007`	vulnerable	2026-06-03 14:55:06.230463	Ericsson Network Manager - Improper Neutralization of Formula Elements Vulnerability HIGH (7.1) Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Formula Elements in a CSV File can lead to code execution or information disclosure. There is limited impact to integrity and availability. The attacker on the adjacent network with administration access can exploit the vulnerability. Published: 2024-04-04T18:25:21.681Z Updated: 2024-08-01T23:36:21.561Z Open on db.gcve.eu Reference links https://www.ericsson.com/en/about-us/security/psirt/security-bulletin--ericsson-network-manager-march-2024	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-39909`	vulnerable	2026-06-03 14:52:39.481671	Details available Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T18:18:09.874Z Open on db.gcve.eu Reference links https://www.gruppotim.it/it/footer/red-team.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46408`	vulnerable	2026-06-03 14:48:26.045087	Details available Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. Published: 2023-06-29T00:00:00.000Z Updated: 2024-11-27T14:31:43.310Z Open on db.gcve.eu Reference links https://www.gruppotim.it/it/footer/red-team.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-46407`	vulnerable	2026-06-03 14:48:26.044715	Details available Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability Published: 2023-06-29T00:00:00.000Z Updated: 2024-11-27T14:32:28.016Z Open on db.gcve.eu Reference links https://www.gruppotim.it/it/footer/red-team.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-32570`	vulnerable	2026-06-03 14:44:39.775817	Details available In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. Published: 2022-08-25T23:28:42.000Z Updated: 2024-08-03T23:25:30.481Z Open on db.gcve.eu Reference links https://www.ericsson.com https://www.gruppotim.it/it/footer/red-team.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-28488`	vulnerable	2026-06-03 14:44:18.342849	Details available Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). Published: 2022-03-08T22:51:21.000Z Updated: 2024-08-03T21:47:32.592Z Open on db.gcve.eu Reference links https://www.ericsson.com https://www.gruppotim.it/it/footer/red-team.html https://www.ericsson.com/en/about-us/enterprise-security/psirt	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.