Vulnerability Description
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nokia | Impact | <= 19.11.2.10-20210118042150283 |
Related Weaknesses (CWE)
References
- https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.htThird Party Advisory
- https://www.nokia.com/networks/solutions/impact-iot-platform/Product
- https://www.nokia.com/notices/responsible-disclosure/Issue Tracking
FAQ
What is CVE-2021-35483?
CVE-2021-35483 is a vulnerability with a CVSS score of 4.1 (MEDIUM). The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuploa...
How severe is CVE-2021-35483?
CVE-2021-35483 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35483?
Check the references section above for vendor advisories and patch information. Affected products include: Nokia Impact.