Security Vulnerabilities - CVEs Published In December 2023
In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-12-25
In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2023-12-25
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-12-25
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.
CVSS Score: 6.5 | EPSS Score: 0.001 | Published: 2023-12-25
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-12-25
An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists under /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2023-12-25
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-12-25
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2023-12-25
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2023-12-25
In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass.
CVSS Score: 5.3 | EPSS Score: 0.0 | Published: 2023-12-25

