CVE-2022-39817

8.8HIGH

Key Information:

Vendor: Nokia
Status: 1350 Optical Management System
Vendor: CVE Published:; 13 September 2022

Summary

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.

References

https://www.gruppotim.it/it/footer/red-team.html

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 13, 2022
Vulnerability Reserved
Sep 5, 2022

Collectors

NVD DatabaseMitre Database