Lucene search
K
NokiaNetact

12 matches found

CVE
CVE
added 2023/07/24 12:0 a.m.62 views

CVE-2022-28863

CVE-2022-28863 affects Nokia NetAct version 22. The issue allows a remote, authenticated user to upload potentially dangerous files via the /netact/sct parameter with operation=upload in the Site Configuration Tool, without restrictions. The cited documents describe the vulnerable component as th...

8.8CVSS8.5AI score0.00952EPSS
Web
CVE
CVE
added 2023/07/24 12:0 a.m.61 views

CVE-2022-28867

CVE-2022-28867 affects Nokia NetAct 22 in the Administration of Measurements web UI. A malicious user can edit or add the templateName parameter to inject JavaScript, which is then stored and executed in the victim’s browser. Endpoints involved: /aom/html/EditTemplate.jsf and /aom/html/ViewAllTem...

5.4CVSS5.4AI score0.00389EPSS
Web
CVE
CVE
added 2023/07/24 12:0 a.m.61 views

CVE-2022-30280

Nokia NetAct 22 exposes a CSRF vulnerability at /SecurityManagement/html/createuser.jsf that lets remote attackers create users with arbitrary, including administrative, privileges. The app does not verify CSRF tokens, enabling exploitation via social engineering; impact ranges from unauthorized ...

8.8CVSS8.6AI score0.00381EPSS
CVE
CVE
added 2023/07/24 12:0 a.m.57 views

CVE-2022-28864

CVE-2022-28864 affects Nokia NetAct 22, specifically the Administration of Measurements web interface. A malicious user can modify the templateName parameter via the endpoints “/aom/html/EditTemplate.jsf” and “/aom/html/ViewAllTemplatesPage.jsf” to inject code, which can be downloaded as a .csv o...

8.8CVSS8.5AI score0.00859EPSS
Web
CVE
CVE
added 2023/04/24 12:0 a.m.55 views

CVE-2023-26059

Summary of CVE-2023-26059 (Nokia NetAct) An issue exists in Nokia NetAct before 22 SP1037 related to the Site Configuration Tool, where the upload option for ZIP files does not validate contents. When processed, this enables a Stored XSS vulnerability within the tool. The affected environment is ...

6.8CVSS5.4AI score0.00371EPSS
CVE
CVE
added 2021/03/25 6:56 p.m.53 views

CVE-2021-26597

CVE-2021-26597 affects Nokia NetAct 18A. A remote user authenticated to the NetAct Web Page can upload arbitrary files via the Site Configuration Tool’s /netact/sct parameter with operation=upload, enabling potentially dangerous file uploads. According to NVD, CVSS v3.1 base score 6.5 (PR:L, I:H)...

6.5CVSS6.4AI score0.01437EPSS
Web
CVE
CVE
added 2023/07/24 12:0 a.m.53 views

CVE-2022-28865

CVE-2022-28865 affects Nokia NetAct 22 via the Site Configuration Tool. A malicious user can rename an uploaded file with a JavaScript payload, which is stored and later executed by a victim’s browser. The common delivery method is placing the payload in a URL parameter exposed to victims, using ...

5.4CVSS5.4AI score0.00389EPSS
Web
CVE
CVE
added 2021/03/25 6:56 p.m.52 views

CVE-2021-26596

The CVE-2021-26596 entry concerns Nokia NetAct 18A. A vulnerability exists where a malicious user can change the filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The attack is typically delivered by placing the malicious content...

5.4CVSS5.4AI score0.00737EPSS
Web
CVE
CVE
added 2023/04/25 12:0 a.m.47 views

CVE-2023-26058

CVE-2023-26058 – Nokia NetAct XXE : Multiple sources confirm an XML External Entity vulnerability in Nokia NetAct prior to 22 FP2211, exploitable via an XML document to a Performance Manager page. The root cause is missing input validation and improper XML parser configuration. Impact is describe...

6.5CVSS6.4AI score0.00486EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.47 views

CVE-2023-26060

CVE-2023-26060 affects Nokia NetAct prior to 22 FP2211. The issue is a lack of input validation when creating a Working Set on the Working Set Manager page, allowing a client-side template injection payload in the set name. Exploitation is realistically limited to internal users due to required d...

8.8CVSS8.7AI score0.0059EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.45 views

CVE-2023-26057

The CVE-2023-26057 entry describes an XXE flaw in Nokia NetAct before 22 FP2211, exploitable via an XML document to the Configuration Dashboard page. Root cause: missing input validation and a misconfigured XML parser, potentially allowing access to sensitive data or SSRF when parsing XML. Impact...

6.5CVSS6.4AI score0.00486EPSS
CVE
CVE
added 2023/04/24 12:0 a.m.43 views

CVE-2023-26061

Nokia NetAct

6.8CVSS5.4AI score0.00371EPSS