Nokia Impact vulnerabilities

CVE-2021-35485 [HIGH] CWE-434 CVE-2021-35485: The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.

CVE-2021-35484 [HIGH] CWE-89 CVE-2021-35484: Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-bas Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the databa

CVE-2021-35483 [MEDIUM] CWE-79 CVE-2021-35483: The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an au The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web pa

CVE-2019-17403 [HIGH] CWE-434 CVE-2019-17403: Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution.

CVE-2019-17406 [MEDIUM] CWE-22 CVE-2019-17406: Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743 Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743