exploitDog

CVE-2021-35484

Опубликовано: 03 мар. 2026

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

Ссылки

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html
Third Party Advisory
https://www.nokia.com/networks/solutions/impact-iot-platform/
Product
https://www.nokia.com/notices/responsible-disclosure/
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nokia:impact:*:*:*:*:*:*:*:*

Версия до 19.11.2.10-20210118042150283 (включая)

EPSS

Процентиль: 8%

0.0003

Низкий

8.2 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-xw9q-6q4j-fhcr

CVSS3: 8.2

github

27 дней назад

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

EPSS

Процентиль: 8%

0.0003

Низкий

8.2 High

CVSS3

Дефекты

CWE-89