Lucene search
K

121 matches found

CVE
CVE
added 2023/07/24 12:0 a.m.67 views

CVE-2022-28867

CVE-2022-28867 affects Nokia NetAct 22 in the Administration of Measurements web UI. A malicious user can edit or add the templateName parameter to inject JavaScript, which is then stored and executed in the victim’s browser. Endpoints involved: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTem...

5.4CVSS5.4AI score0.00389EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/24 12:0 a.m.62 views

CVE-2022-30280

Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...

8.8CVSS8.6AI score0.00381EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/24 12:0 a.m.62 views

CVE-2022-28863

CVE-2022-28863 affects Nokia NetAct version 22. The issue allows a remote, authenticated user to upload potentially dangerous files via the /netact/sct parameter with operation=upload in the Site Configuration Tool, without restrictions. The cited documents describe the vulnerable component as th...

8.8CVSS8.5AI score0.00952EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/24 12:0 a.m.57 views

CVE-2022-28864

CVE-2022-28864 affects Nokia NetAct 22, specifically the Administration of Measurements web interface. A malicious user can modify the templateName parameter via the endpoints “/aom/html/EditTemplate.jsf” and “/aom/html/ViewAllTemplatesPage.jsf” to inject code, which can be downloaded as a .csv o...

8.8CVSS8.5AI score0.00859EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2023/07/24 12:0 a.m.53 views

CVE-2022-28865

CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...

5.4CVSS5.4AI score0.00389EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/24 12:0 a.m.7 views

PT-2023-12999 · Nokia · Nokia Netact

Name of the Vulnerable Software and Affected Versions: Nokia NetAct version 22 Description: The issue concerns a CSRF vulnerability in the /SecurityManagement/html/createuser.jsf endpoint. A remote attacker can create users with arbitrary privileges, including administrative privileges, due to th...

8.8CVSS8.5AI score0.00381EPSS
Exploits1References5
NVD
NVD
added 2023/04/25 1:15 p.m.26 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2023/04/25 1:15 p.m.5 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
NVD
NVD
added 2023/04/25 1:15 p.m.33 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2
OSV
OSV
added 2023/04/25 1:15 p.m.8 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS5.7AI score0.00486EPSS
Exploits0References2
Prion
Prion
added 2023/04/25 1:15 p.m.21 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/04/25 1:15 p.m.17 views

Input validation

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

4CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.31 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
CVE
CVE
added 2023/04/25 12:0 a.m.47 views

CVE-2023-26057

The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/04/25 12:0 a.m.48 views

CVE-2023-26058

CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...

6.5CVSS6.4AI score0.00486EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.6 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.7 views

CVE-2023-26057

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters su...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/25 12:0 a.m.9 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/25 12:0 a.m.30 views

CVE-2023-26058

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as...

6.5CVSS6.6AI score0.00486EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/25 12:0 a.m.5 views

Nokia NetAct 代码问题漏洞

Nokia NetAct is a network management system from Nokia, Finland. A security vulnerability exists in Nokia NetAct versions prior to 22 FP2211, which stems from a lack of input validation and proper XML parser configuration...

6.5CVSS6.5AI score0.00486EPSS
Exploits0References4
Rows per page
Query Builder