CVE-2021-35486 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 4, 2026
Nokia IMPACT - Cross Site Request Forgery
Published: March 3, 2026 | Updated: March 4, 2026 | Remote Exploitable
Overview
Nokia IMPACT through 19.11.2.10-20210118042150283 contains a cross-site request forgery (CSRF) vulnerability: the /ui/rest-proxy/entity/import endpoint does not validate the X-CSRF-NONCE header and the CSRF-NONCE cookie. This lets remote attackers import and overwrite application configuration. Exploitation requires victim interaction.
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Remote attackers can overwrite the entire application configuration, potentially disrupting service or causing denial of service.
Mitigation
Update to the latest version that validates CSRF tokens properly.
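The kind of check the Overview describes as missing, sketched as an added example (this is not Nokia's code or its actual fix). The header and cookie names come from the advisory; the HMAC session binding, the key handling, the session ids and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state


def _tag(key: bytes, session_id: str, rand: str) -> str:
    msg = f"{session_id}:{rand}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_nonce(key: bytes, session_id: str) -> str:
    """Random value plus an HMAC tag that binds it to one session (assumed scheme)."""
    rand = secrets.token_hex(16)
    return f"{rand}.{_tag(key, session_id, rand)}"


def check_request(key, session_id, method, headers, cookies):
    """Return (status, reason). headers/cookies are dicts with exact-case names."""
    if method.upper() in SAFE_METHODS:
        return 200, "safe method"
    header = headers.get("X-CSRF-NONCE", "")
    cookie = cookies.get("CSRF-NONCE", "")
    # A cross-site request may carry the cookie automatically, but the page that
    # triggers it cannot read the nonce to copy it into a custom header.
    if not header or not cookie:
        return 403, "missing nonce"
    if not hmac.compare_digest(header.encode(), cookie.encode()):
        return 403, "header/cookie mismatch"
    rand, sep, tag = cookie.partition(".")
    expected = _tag(key, session_id, rand)
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return 403, "nonce not bound to session"
    return 200, "ok"


if __name__ == "__main__":
    key = secrets.token_bytes(32)       # constructed server-side secret
    nonce = issue_nonce(key, "sess-A")  # constructed session id
    same_origin = ({"X-CSRF-NONCE": nonce}, {"CSRF-NONCE": nonce})
    cross_site = ({}, {"CSRF-NONCE": nonce})  # cookie only, no header
    print(check_request(key, "sess-A", "POST", *same_origin))
    print(check_request(key, "sess-A", "POST", *cross_site))
```

Such a check has to run on every state-changing route, including import endpoints reached through a proxy path, before the request body is processed.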
Details
- CVE ID: CVE-2021-35486
- Severity: High
- CVSS Score: 8.1
- Type: cross_site_request_forgery
- Status: unconfirmed
CWE
- CWE-352
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N