9 matches found
CVE-2022-45899
Nokia Broadcast Message Center BMC before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field...
CVE-2022-45899
Nokia BMC (Broadcast Message Center) Log Scanner, prior to version 13.1, is vulnerable to unauthenticated command injection via shell metacharacters in the Log Scanner Search Pattern field. An attacker can achieve remote code execution as root. The issue is fixed in version 13.1. Affected product...
CVE-2022-45899
Nokia Broadcast Message Center BMC before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
Nokia Broadcast Message Center SQL Injection Vulnerability (CNVD-2022-68946)
Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
Sql injection
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2021-35487
Summary : CVE-2021-35487 affects Nokia Broadcast Message Center up to version 11.1.0. An authenticated user can perform a Boolean Blind SQL Injection on the /owui/block/send-receive-updates endpoint via the extIdentifier HTTP POST parameter, enabling retrieval of the database user, database name,...