121 matches found
CVE-2022-28863
CVE-2022-28863 affects Nokia NetAct version 22. The issue allows a remote, authenticated user to upload potentially dangerous files via the /netact/sct parameter with operation=upload in the Site Configuration Tool, without restrictions. The cited documents describe the vulnerable component as th...
CVE-2022-28864
CVE-2022-28864 affects Nokia NetAct 22, specifically the Administration of Measurements web interface. A malicious user can modify the templateName parameter via the endpoints “/aom/html/EditTemplate.jsf” and “/aom/html/ViewAllTemplatesPage.jsf” to inject code, which can be downloaded as a .csv o...
Nokia NetAct 安全漏洞
Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include malicious code, which can then be downloaded as ...
Nokia NetAct 跨站脚本漏洞
Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22, which originates from a vulnerability that allows an attacker to change the filename of an uploaded file to include JavaScript code, which is then stored and executed by...
CVE-2022-28865
CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...
CVE-2022-28864
An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
Input validation
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
Input validation
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...
Nokia NetAct 代码问题漏洞
Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...
CVE-2023-26057
The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26057
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...
CVE-2023-26058
CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...
CVE-2023-26058
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...