SQL Injection Vulnerability in NOKIA VitalSuite SPM 2020
CVE-2021-41487

9.8CRITICAL

Key Information:

Vendor: Nokia
Status: Vitalsuite
Vendor: CVE Published:; 16 June 2022

Summary

NOKIA VitalSuite SPM 2020 is vulnerable to SQL injection attacks due to insufficient input validation on the UserName parameter. This can allow an attacker to manipulate SQL queries, potentially leading to unauthorized access to sensitive data and compromising application security. Organizations using this software are advised to apply necessary security patches and review their input validation processes to mitigate this risk.

References

https://www.exploit-db.com/exploits/48528

x_refsource_MISC

https://twitter.com/exploitdb/status/1265973982936748032

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 16, 2022
Vulnerability Reserved
Sep 20, 2021