CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2023/07/24 12:0 a.m.•18 views

CVE-2022-28863

An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value...

6.9AI score0.00952EPSS

Vulnrichment•added 2023/07/24 12:0 a.m.•12 views

CVE-2022-30280

/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application even if it implements a CSRF token for the random GET request does not ever verify a CSRF token. With a litt...

7.2AI score0.00381EPSS

Positive Technologies•added 2023/07/24 12:0 a.m.•5 views

PT-2023-12954 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Administration of Measurements website section, where a malicious user can edit or add the templateName parameter to include malicious code. This code is then downloaded as a...

8.8CVSS8.4AI score0.00859EPSS

Positive Technologies•added 2023/07/24 12:0 a.m.•6 views

PT-2023-12999 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...

8.8CVSS8.5AI score0.00381EPSS

CNNVD•added 2023/07/24 12:0 a.m.•3 views

Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22, which originates from a vulnerability that allows an attacker to change the filename of an uploaded file to include JavaScript code, which is then stored and executed by...

5.4CVSS5.7AI score0.00389EPSS

CNNVD•added 2023/07/24 12:0 a.m.•3 views

Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include JavaScript code, which is then stored and executed by the...

5.4CVSS5.7AI score0.00389EPSS

Cvelist•added 2023/07/24 12:0 a.m.•33 views

CVE-2022-28863

8.8AI score0.00952EPSS

CNNVD•added 2023/07/24 12:0 a.m.•5 views

Nokia NetAct 安全漏洞

Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include malicious code, which can then be downloaded as ...

8.8CVSS8AI score0.00859EPSS

CVE•added 2023/07/24 12:0 a.m.•56 views

CVE-2022-28867

CVE-2022-28867 affects Nokia NetAct 22 in the Administration of Measurements web UI. A malicious user can edit or add the templateName parameter to inject JavaScript, which is then stored and executed in the victim’s browser. Endpoints involved: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTem...

5.4CVSS5.4AI score0.00389EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2023/07/24 12:0 a.m.•16 views

CVE-2022-28865

An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious...

6.6AI score0.00389EPSS

Cvelist•added 2023/07/24 12:0 a.m.•33 views

CVE-2022-28867

5.7AI score0.00389EPSS

Vulnrichment•added 2023/07/24 12:0 a.m.•16 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

6.8AI score0.00859EPSS

CNNVD•added 2023/07/24 12:0 a.m.•4 views

Nokia NetAct 跨站请求伪造漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct version 22, which originates from a cross-site request forgery CSRF vulnerability in the file createuser.jsf. The vulnerability can be exploited to create users with arbitrary privileg...

8.8CVSS7.9AI score0.00381EPSS

Positive Technologies•added 2023/07/24 12:0 a.m.•5 views

PT-2023-12955 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: An issue was discovered in the Site Configuration Tool website section, where a malicious user can change the filename of an uploaded file to include JavaScript code. This code is then stored and executed ...

5.4CVSS5.4AI score0.00389EPSS

Positive Technologies•added 2023/07/24 12:0 a.m.•5 views

PT-2023-12956 · Nokia · Nokia Netact

5.4CVSS5.4AI score0.00389EPSS

Positive Technologies•added 2023/07/24 12:0 a.m.•5 views

PT-2023-12953 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the "/netact/sct" dir parameter in...

8.8CVSS8.6AI score0.00952EPSS

CNNVD•added 2023/07/24 12:0 a.m.•5 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22, which stems from an arbitrary file upload vulnerability in the parameter /netact/sct...

8.8CVSS8.1AI score0.00952EPSS