cbcvebase.

Nokia Network Functions Manager For Transport vulnerabilities

7 known vulnerabilities affecting nokia/network_functions_manager_for_transport.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM5

Vulnerabilities

Page 1 of 1
CVE-2022-39818P2HIGHCVSS 8.8v19.92023-12-25
CVE-2022-39818 [HIGH] CWE-78 CVE-2022-39818: In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the V In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.
nvd
CVE-2022-39822P3HIGHCVSS 8.8v19.92023-12-25
CVE-2022-39822 [HIGH] CWE-89 CVE-2022-39822: In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM M In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
nvd
CVE-2022-39820P3MEDIUMCVSS 6.5v19.92023-12-25
CVE-2022-39820 [MEDIUM] CWE-522 CVE-2022-39820: In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials
nvd
CVE-2022-41760P3MEDIUMCVSS 6.5v19.92023-12-25
CVE-2022-41760 [MEDIUM] CWE-22 CVE-2022-41760: An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/ An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
nvd
CVE-2022-41761P3MEDIUMCVSS 6.5v19.92023-12-25
CVE-2022-41761 [MEDIUM] CWE-22 CVE-2022-41761: An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.
nvd
CVE-2022-41762P4MEDIUMCVSS 6.1v19.92023-12-25
CVE-2022-41762 [MEDIUM] CWE-79 CVE-2022-41762: An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Ne An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
nvd
CVE-2022-43675P4MEDIUMCVSS 6.1v19.92023-12-25
CVE-2022-43675 [MEDIUM] CWE-79 CVE-2022-43675: An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists vi An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.
nvd
Nokia Network Functions Manager For Transport vulnerabilities | cvebase