Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Authentication Bypass
Vulnerability Description
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without providing any valid credentials. The root cause of this vulnerability lies in a weak verification mechanism within the authentication implementation present in the Nginx Podman container on the CBIS/NCS Manager host machine. The risk can be partially mitigated by restricting access to the management network using external firewall.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nokia CloudBand Infrastructure Software和Nokia Container Service 安全漏洞
Vulnerability Description
Nokia CloudBand Infrastructure Software和Nokia Container Service都是芬兰诺基亚(Nokia)公司的产品。Nokia CloudBand Infrastructure Software是一款用于支撑网络功能虚拟化的平台。Nokia Container Service是一个容器管理服务。 Nokia CloudBand Infrastructure Software和Nokia Container Service存在安全漏洞,该漏洞源于身份验证实现
CVSS Information
N/A
Vulnerability Type
N/A