Ericsson Network_manager
8 CVEs affecting Ericsson Network_manager. Latest disclosed: 2025-10-13. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-27258 | Critical | 9.8 | 2025-10-13 | Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege. |
CVE-2023-39909 | High | 8.8 | 2023-12-07 | Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. |
CVE-2024-25007 | High | 7.1 | 2024-04-04 | Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper Neutralization of Fo… |
CVE-2022-46408 | Medium | 6.8 | 2023-06-29 | Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutraliz… |
CVE-2021-28488 | Medium | 6.5 | 2022-03-10 | Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already g… |
CVE-2025-27259 | Medium | 5.4 | 2025-10-13 | Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sit… |
CVE-2021-32570 | Medium | 4.9 | 2022-08-26 | In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All… |
CVE-2022-46407 | Medium | 4.8 | 2023-06-29 | Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection c… |