CVE-2021-35485Unrestricted File Upload in Impact

CWE-434Unrestricted File Upload3 documents3 sources
Severity
8.0HIGHNVD
EPSS
0.1%
top 80.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nokia Impact
Timeline
PublishedMar 3

Description

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages1 packages

NVDnokia/impact19.11.2.10-20210118042150283

🔴Vulnerability Details

2
GHSA
GHSA-m34p-fgjw-89x9: The Applications component of Nokia IMPACT version through 192026-03-03
CVEList
CVE-2021-35485: The Applications component of Nokia IMPACT version through 192026-03-03
CVE-2021-35485 — Unrestricted File Upload in Impact | cvebase