This page lists publicly disclosed CVE vulnerabilities affecting ericssonlg ipecs_nms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-15138 | Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. | [email protected] | 7.5 | 12.85% | 2018-08-15 | 2026-06-16 |
| CVE-2018-9245 | The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system. | [email protected] | 9.8 | 4.18% | 2018-04-22 | 2026-06-16 |
| CVE-2018-10286 | The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive information such as the NMS admin credentials and the PostgreSQL database credentials to logged-in users via the responses to certain HTTP POST requests. In order to be able to see the credentials in cleartext, an attacker needs to be authenticated. | [email protected] | 8.8 | 6.73% | 2018-04-22 | 2026-06-16 |
| CVE-2018-10285 | The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access control mechanisms. Since the app does not use any sort of session ID, an attacker might bypass authentication. | [email protected] | 9.8 | 13.73% | 2018-04-22 | 2026-06-16 |