CVE-2021-35484

High CVSS: 8.2

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

Vendor

Nokia

Product

Impact

CWE

CWE-89

Yayın Tarihi

2026-03-03 18:16:20

Güncelleme

2026-03-05 21:53:00

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-89 Impact HIGH Nokia 2026

Referanslar

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html https://www.nokia.com/networks/solutions/impact-iot-platform/ https://www.nokia.com/notices/responsible-disclosure/

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…

Critical

CVE-2025-27019

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user acco…