Filtered by vendor Nokia
Subscriptions
Filtered by product Impact
Subscriptions
Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35486 | 1 Nokia | 1 Impact | 2026-03-04 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated. | ||||
| CVE-2021-35485 | 1 Nokia | 1 Impact | 2026-03-04 | 8 High |
| The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. | ||||
| CVE-2021-35484 | 1 Nokia | 1 Impact | 2026-03-04 | 8.2 High |
| Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. | ||||
| CVE-2021-35483 | 1 Nokia | 1 Impact | 2026-03-04 | 4.1 Medium |
| The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed. | ||||
| CVE-2023-31044 | 1 Nokia | 1 Impact | 2026-03-04 | 2 Low |
| An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software. | ||||
| CVE-2019-17406 | 1 Nokia | 1 Impact | 2024-11-21 | 5.3 Medium |
| Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 | ||||
| CVE-2019-17405 | 1 Nokia | 1 Impact | 2024-11-21 | 6.1 Medium |
| Nokia IMPACT < 18A: has Reflected self XSS | ||||
| CVE-2019-17404 | 1 Nokia | 1 Impact | 2024-11-21 | 4.3 Medium |
| Nokia IMPACT < 18A: allows full path disclosure | ||||
| CVE-2019-17403 | 1 Nokia | 1 Impact | 2024-11-21 | 8.8 High |
| Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | ||||
Page 1 of 1.