An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
impact_mobile
Vendor: nokia
Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 0
Total RCEs (Remote Access): 1
Total CVEs (Total Indexed): 4
Avg. EPSS (Exploit Prob.): 0.04%
Security Vulnerability Index
CVSS: 2.0
CVE-2023-31044
RCE
Severity: LOW
CVSS: 8.1
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.
Severity: HIGH