CVE-2021-35484

HIGH

8.2

Description

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

CVE Details

CVSS v3.1 Score8.2

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published3/3/2026

Last Modified3/5/2026

Sourcenvd

Honeypot Sightings0

Affected Products

nokia:impact

Weaknesses (CWE)

CWE-89

References

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html(cve@mitre.org)

https://www.nokia.com/networks/solutions/impact-iot-platform/(cve@mitre.org)

https://www.nokia.com/notices/responsible-disclosure/(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.