Vulnerabilities > Nokia

DATE CVE VULNERABILITY TITLE RISK
2022-10-12 CVE-2022-28866 Incorrect Authorization vulnerability in Nokia Airframe BMC web GUI R18 Firmware
Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00.
network
low complexity
nokia CWE-863
8.8
2022-09-13 CVE-2022-39815 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
critical
9.8
2022-09-13 CVE-2022-39816 Insufficiently Protected Credentials vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page.
network
low complexity
nokia CWE-522
6.5
2022-09-13 CVE-2022-39817 SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs.
network
low complexity
nokia CWE-89
8.8
2022-09-13 CVE-2022-39819 OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs.
network
low complexity
nokia CWE-78
8.8
2022-09-13 CVE-2022-39821 Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs.
network
low complexity
nokia CWE-532
7.5
2022-06-16 CVE-2021-41487 SQL Injection vulnerability in Nokia Vitalsuite 2020
NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.
network
low complexity
nokia CWE-89
7.5
2022-06-14 CVE-2022-30903 Cross-site Scripting vulnerability in Nokia G-2425G-A Firmware 3Fe49362Ijhk42
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.
network
nokia CWE-79
3.5
2022-05-25 CVE-2021-35487 SQL Injection vulnerability in Nokia Broadcast Message Center
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter.
network
low complexity
nokia CWE-89
4.0
2022-02-11 CVE-2021-31932 Unspecified vulnerability in Nokia BTS TRS web Console Ftmw20Fp22019.08.160010
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass.
network
low complexity
nokia
7.5