7 matches found
CVE-2022-43675
CVE-2022-43675 (Nokia NFM-T R19.9) is a reflected XSS in the Network Element Manager. The issue affects NOKIA NFM-T vR19.9, with vulnerability in the Network Element Manager exposed via endpoints: "/oms1350/pages/otn/cpbLogDisplay" (filename parameter), "/oms1350/pages/otn/connection/E2ERoutingDi...
CVE-2022-41762
Nokia NFM-T R19.9 is affected by multiple reflected XSS vulnerabilities in the Network Element Manager. The issue arises through user-supplied input to log.pl, top.pl (bench/pid), and easy1350.pl (id). Root cause is reflected XSS in these scripts. Impact is web-context scripting upon successful e...
CVE-2022-39820
CVE-2022-39820 corresponds to an unprotected storage of credentials vulnerability in Nokia NFM-T R19.9. The issue allows a remote, OS-authenticated user with access to /root or /DEPOT to read cleartext credentials under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadMa...
CVE-2022-39822
Summary: CVE-2022-39822 is a SQL injection vulnerability affecting Nokia NFM-T R19.9, specifically in the VM Manager WebUI at /cgi-bin/R19.9/easy1350.pl. The issue can be triggered via the HTTP GET parameters id or host, and exploitation requires an authenticated attacker. The available connected...
CVE-2022-41760
CVE-2022-41760 concerns Nokia NFM-T R19.9. Affected: Nokia NFM-T Network Element Manager. Vulnerability: Relative Path Traversal under /oms1350/data/cpb/log via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. Connected sources corroborate the issue across...
CVE-2022-39818
CVE-2022-39818 affects Nokia NFM-T R19.9: OS Command Injection in the VM Manager WebUI at /cgi-bin/R19.9/log.pl reachable via the cmd HTTP GET parameter. The vulnerability allows authenticated users to execute commands with root privileges on the underlying OS. Affected component is the VM Manage...
CVE-2022-41761
The issue is an Absolute Path Traversal in Nokia NFM-T R19.9 VM Manager WebUI. Affected component is the endpoint /cgi-bin/R19.9/viewlog.pl, exploitable via the logfile parameter by an authenticated remote attacker to read arbitrary files. Root cause is path traversal in that endpoint; no public ...