CVE-2021-35485

High CVSS: 8.0

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.

Vendor

Nokia

Product

Impact

CWE

CWE-434

Yayın Tarihi

2026-03-03 18:16:20

Güncelleme

2026-03-05 21:53:44

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-434 Impact HIGH Nokia 2026

Referanslar

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35485.html https://www.nokia.com/networks/solutions/impact-iot-platform/ https://www.nokia.com/notices/responsible-disclosure/

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…

Critical

CVE-2025-27019

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user acco…