Lucene search
K

121 matches found

CVE
CVE
added 2023/07/24 12:0 a.m.57 views

CVE-2022-28863

CVE-2022-28863 affects Nokia NetAct version 22. The issue allows a remote, authenticated user to upload potentially dangerous files via the /netact/sct parameter with operation=upload in the Site Configuration Tool, without restrictions. The cited documents describe the vulnerable component as th...

8.8CVSS8.5AI score0.00952EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/24 12:0 a.m.55 views

CVE-2022-28864

CVE-2022-28864 affects Nokia NetAct 22, specifically the Administration of Measurements web interface. A malicious user can modify the templateName parameter via the endpoints “/aom/html/EditTemplate.jsf” and “/aom/html/ViewAllTemplatesPage.jsf” to inject code, which can be downloaded as a .csv o...

8.8CVSS8.5AI score0.00859EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.6 views

Nokia NetAct 安全漏洞

Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct version 22 that originates from a vulnerability that allows an attacker to edit or add the templateName parameter to include malicious code, which can then be downloaded as ...

8.8CVSS8AI score0.00859EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/07/24 12:0 a.m.6 views

Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in Nokia NetAct version 22, which originates from a vulnerability that allows an attacker to change the filename of an uploaded file to include JavaScript code, which is then stored and executed by...

5.4CVSS5.7AI score0.00389EPSS
Exploits1References3
CVE
CVE
added 2023/07/24 12:0 a.m.52 views

CVE-2022-28865

CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...

5.4CVSS5.4AI score0.00389EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/24 12:0 a.m.16 views

CVE-2022-28864

An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the...

6.8AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2023/04/25 1:15 p.m.4 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2023/04/25 1:15 p.m.7 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS5.7AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2023/04/25 1:15 p.m.18 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2023/04/25 1:15 p.m.16 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2
Prion
Prion
added 2023/04/25 1:15 p.m.21 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/25 1:15 p.m.17 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.4 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.9 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.3 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References4
CVE
CVE
added 2023/04/25 12:0 a.m.45 views

CVE-2023-26057

The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.7 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.19 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
CVE
CVE
added 2023/04/25 12:0 a.m.47 views

CVE-2023-26058

CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.20 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
Rows per page
Query Builder