Nokia: Security Vulnerabilities
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.
CVSS Score
6.1
EPSS Score
0.001
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system.
CVSS Score
9.8
EPSS Score
0.009
Published
2022-09-13
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-09-13
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-09-13
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
CVSS Score
9.8
EPSS Score
0.005
Published
2022-06-16
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-14
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
CVSS Score
6.5
EPSS Score
0.006
Published
2022-05-25
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character.
CVSS Score
9.8
EPSS Score
0.011
Published
2022-02-11
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via is_ctc_admin=1 to login_web_app.cgi and use of Import Config File.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-12-27
An issue was discovered in heif through v3.6.2. A global-buffer-overflow exists in the function HevcDecoderConfigurationRecord::getPicWidth() located in hevcdecoderconfigrecord.cpp. It allows an attacker to cause code Execution.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-09-20