CVE-2021-35484: SQL Injection in Impact

CWE-89: SQL Injection | 3 documents | 3 sources
Severity
8.2 HIGH (NVD)
EPSS
0.0%
top 90.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 3

Description

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Exploitability: 3.9 | Impact: 4.2

Affected Packages (1 package)

NVD: nokia/impact 19.11.2.10-20210118042150283

🔴 Vulnerability Details (2)

CVEList
CVE-2021-35484: Nokia IMPACT through 19 | 2026-03-03
GHSA
GHSA-xw9q-6q4j-fhcr: Nokia IMPACT through 19 | 2026-03-03