CVE-2021-35484

HIGH

8.2

Description

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

Details CVE

Score CVSS v3.18.2

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie3/3/2026

Derniere modification3/5/2026

Sourcenvd

Observations honeypot0

Produits affectes

nokia:impact

Faiblesses (CWE)

CWE-89

References

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html(cve@mitre.org)

https://www.nokia.com/networks/solutions/impact-iot-platform/(cve@mitre.org)

https://www.nokia.com/notices/responsible-disclosure/(cve@mitre.org)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.