Filtered by vendor Nokia
Subscriptions
Filtered by product 1350 Optical Management System
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40715 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40714 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints. | ||||
| CVE-2022-40713 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.5 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily. | ||||
| CVE-2022-40712 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium |
| An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints. | ||||
| CVE-2022-39821 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 7.5 High |
| In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. | ||||
| CVE-2022-39819 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 8.8 High |
| In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This allows authenticated users to execute commands on the operating system. | ||||
| CVE-2022-39817 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 8.8 High |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. | ||||
| CVE-2022-39816 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.5 Medium |
| In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. Exploitation requires an authenticated attacker. | ||||
| CVE-2022-39815 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 9.8 Critical |
| In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occurs. This vulnerability allow unauthenticated users to execute commands on the operating system. | ||||
| CVE-2022-39814 | 1 Nokia | 1 1350 Optical Management System | 2024-11-21 | 6.1 Medium |
| In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter. | ||||
Page 1 of 1.