SQL Injection Vulnerability in Nokia IMPACT Platform
CVE-2021-35484

8.2HIGH

Key Information:

Vendor: Nokia
Status: IMPACT
Vendor: CVE Published:; 3 March 2026

What is CVE-2021-35484?

The Nokia IMPACT platform, through version 19.11.2.10-20210118042150283, is susceptible to a Time-based Boolean Blind SQL Injection attack. An authenticated user can exploit this vulnerability by manipulating the sortColumn HTTP GET parameter on the endpoint /ui/rest-proxy/campaign/statistic. This exploitation facilitates unauthorized access to sensitive database information, including user credentials, database names, and version details, thereby posing a significant security risk. Organizations utilizing the IMPACT platform should implement necessary security patches and validate inputs to mitigate such vulnerabilities.

References

https://www.nokia.com/networks/solutions/impact-iot-platf...

https://www.nokia.com/notices/responsible-disclosure/

https://www.gruppotim.it/it/footer/red-team/2021/Motive-I...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2026
Vulnerability Reserved
Jun 24, 2021

CVE-2021-35484 Data

JSON