Nokia: Security Vulnerabilities
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-04-07
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-04-07
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
CVSS Score
5.7
EPSS Score
0.0
Published
2026-04-07
A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-03
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
CVSS Score
2.0
EPSS Score
0.0
Published
2026-03-03
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.
CVSS Score
4.1
EPSS Score
0.0
Published
2026-03-03
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.
CVSS Score
8.2
EPSS Score
0.0
Published
2026-03-03
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.
CVSS Score
8.0
EPSS Score
0.001
Published
2026-03-03
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.
CVSS Score
6.3
EPSS Score
0.0
Published
2026-02-05
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-12-26
Page 1