This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy

Security Notice - Statement about Two Vulnerabilities in SEQ Analyst Product

  • Initial Release Date: Apr 16, 2015
  • Last Release Date: Apr 16, 2015

Huawei has noticed the two security vulnerabilities in SEQ Analyst products disclosed by security researcher Uğur Cihan KOÇ. These vulnerabilities are:

  • XML injection vulnerability in SEQ Analyst product (CVE-2015-2346)
  • CSS injection vulnerability in SEQ Analyst product (CVE-2015-2347)

Huawei has released fixed versions for the affected products. Customers should contact Huawei TAC (Huawei Technical Assistance Center) to request the upgrades, or obtain them through Huawei worldwide website at http://support.huawei.com/support/.

For TAC contact information, please refer to the following links:

http://support.huawei.com/support/pages/news/NewsInfoAction.do?actionFlag=view&doc_id=IN0000034614&colID=ROOTENWEB%7CCO0000000169%7CCO0000003000

This vulnerability was reported to Huawei by Uğur Cihan KOÇ. Huawei expresses our appreciation for Uğur Cihan KOÇ’s coordinated vulnerability disclosure with Huawei.

2015-04-16 V1.0 Final

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism. Please report to Huawei PSIRT at psirt@huawei.com if you find any security vulnerability of Huawei products.