CVE-2021-35486

High CVSS: 8.1

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.

Vendor

Nokia

Product

Impact Mobile

CWE

CWE-352

Yayın Tarihi

2026-03-03 18:16:21

Güncelleme

2026-03-13 01:04:48

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-352 Impact Mobile HIGH Nokia 2026

Referanslar

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35486.html https://www.nokia.com/networks/solutions/impact-iot-platform/ https://www.nokia.com/notices/responsible-disclosure/

Benzer Kayıtlar

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…

Critical

CVE-2025-27019

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user acco…