CVE-2021-35484

Sažetak

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

Reference

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html
https://www.nokia.com/networks/solutions/impact-iot-platform/
https://www.nokia.com/notices/responsible-disclosure/

CVSS

Base:	8.2
Impact:	4.2
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Zadnje važnije ažuriranje

05-03-2026 - 21:53

Objavljeno

03-03-2026 - 18:16