CVE-2022-28866
The affected component is Nokia AirFrame BMC Web GUI (R18 firmware) prior to v4.13.00. The issue is improper access control in API endpoints under /#settings/* and /api/settings/*, where requests are not properly validated for permissions. This can allow an attacker to view pages with sensitive d...