Lucene search
K
NokiaNetwork Functions Manager For Transport

7 matches found

CVE
CVE
added 2023/12/25 12:0 a.m.51 views

CVE-2022-43675

CVE-2022-43675 (Nokia NFM-T R19.9) is a reflected XSS in the Network Element Manager. The issue affects NOKIA NFM-T vR19.9, with vulnerability in the Network Element Manager exposed via endpoints: "/oms1350/pages/otn/cpbLogDisplay" (filename parameter), "/oms1350/pages/otn/connection/E2ERoutingDi...

6.1CVSS5.9AI score0.0037EPSS
Web
CVE
CVE
added 2023/12/25 12:0 a.m.50 views

CVE-2022-41762

Nokia NFM-T R19.9 is affected by multiple reflected XSS vulnerabilities in the Network Element Manager. The issue arises through user-supplied input to log.pl, top.pl (bench/pid), and easy1350.pl (id). Root cause is reflected XSS in these scripts. Impact is web-context scripting upon successful e...

6.1CVSS6.1AI score0.0037EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.49 views

CVE-2022-39820

CVE-2022-39820 corresponds to an unprotected storage of credentials vulnerability in Nokia NFM-T R19.9. The issue allows a remote, OS-authenticated user with access to /root or /DEPOT to read cleartext credentials under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadMa...

6.5CVSS6.4AI score0.00631EPSS
CVE
CVE
added 2023/12/25 12:0 a.m.46 views

CVE-2022-39822

Summary: CVE-2022-39822 is a SQL injection vulnerability affecting Nokia NFM-T R19.9, specifically in the VM Manager WebUI at /cgi-bin/R19.9/easy1350.pl. The issue can be triggered via the HTTP GET parameters id or host, and exploitation requires an authenticated attacker. The available connected...

8.8CVSS8.8AI score0.00618EPSS
Web
CVE
CVE
added 2023/12/25 12:0 a.m.46 views

CVE-2022-41760

CVE-2022-41760 concerns Nokia NFM-T R19.9. Affected: Nokia NFM-T Network Element Manager. Vulnerability: Relative Path Traversal under /oms1350/data/cpb/log via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. Connected sources corroborate the issue across...

6.5CVSS6.2AI score0.008EPSS
Web
CVE
CVE
added 2023/12/25 12:0 a.m.42 views

CVE-2022-39818

CVE-2022-39818 affects Nokia NFM-T R19.9: OS Command Injection in the VM Manager WebUI at /cgi-bin/R19.9/log.pl reachable via the cmd HTTP GET parameter. The vulnerability allows authenticated users to execute commands with root privileges on the underlying OS. Affected component is the VM Manage...

8.8CVSS8.8AI score0.02237EPSS
Web
CVE
CVE
added 2023/12/25 12:0 a.m.40 views

CVE-2022-41761

The issue is an Absolute Path Traversal in Nokia NFM-T R19.9 VM Manager WebUI. Affected component is the endpoint /cgi-bin/R19.9/viewlog.pl, exploitable via the logfile parameter by an authenticated remote attacker to read arbitrary files. Root cause is path traversal in that endpoint; no public ...

6.5CVSS6.2AI score0.008EPSS
Web