Home / Vulnerability Intelligence / CVE-2021-35484

CVE-2021-35484 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: March 4, 2026

Nokia IMPACT - SQL Injection

Published: March 3, 2026Updated: March 4, 2026Remote Exploitable

Overview

Nokia IMPACT through 19.11.2.10-20210118042150283 contains a SQL injection caused by unsanitized sortColumn HTTP GET parameter in /ui/rest-proxy/campaign/statistic, letting authenticated users access sensitive database information, exploit requires authentication.

Severity & Score

Severity: High

CVSS Score: 8.2

Impact

Authenticated attackers can extract sensitive database information including user, name, and version, potentially leading to data disclosure.

Mitigation

Update to the latest version beyond 19.11.2.10-20210118042150283.

References

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html
https://www.nokia.com/networks/solutions/impact-iot-platform/
https://www.nokia.com/notices/responsible-disclosure/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2021-35484
Severity: High
CVSS Score: 8.2
Type: sql_injection
Status: unconfirmed

CWE

CWE-89

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N