CVE-2021-35484
Last modified
CVE-2021-35484 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.. EPSS estimates a 0.24% chance of exploitation in the next 30 days.
Description
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nokia | Impact | <= 19.11.2.10-20210118042150283 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2021-35484?
How severe is CVE-2021-35484?
How do I fix CVE-2021-35484?
Are you affected by CVE-2021-35484?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST