Boolean Blind SQL Injection Vulnerability in Nokia Broadcast Message Center
CVE-2021-35487

6.5MEDIUM

Key Information:

Vendor

Nokia
Status
Broadcast Message Center
Vendor
CVE Published:
25 May 2022

What is CVE-2021-35487?

The Nokia Broadcast Message Center, up to version 11.1.0, contains a vulnerability that allows an authenticated user to execute a Boolean Blind SQL Injection attack. This occurs on the endpoint /owui/block/send-receive-updates, particularly on the Manage Alerts page via the extIdentifier HTTP POST parameter. Successful exploitation can reveal sensitive information such as the database user, database name, version details, and potentially expose data residing in the database.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.nokia.com/notices/responsible-disclosure/
x_refsource_MISC
https://www.gruppotim.it/it/footer/red-team.html
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.