Ericsson Network Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Ericsson Network Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2025-27258 — CVSS 9.8 (critical): Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of…
CVE-2023-39909 — CVSS 8.8 (high): Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application.
CVE-2024-25007 — CVSS 7.1 (high): Ericsson Network Manager (ENM), versions prior to 23.1, contains a vulnerability in the export function of application log where Improper…
CVE-2022-46408 — CVSS 6.8 (medium): Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM)…
CVE-2021-28488 — CVSS 6.5 (medium): Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to…
CVE-2025-27259 — CVSS 5.4 (medium): Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect…
CVE-2021-32570 — CVSS 4.9 (medium): In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from…
CVE-2022-46407 — CVSS 4.8 (medium): Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect…