Vulnerabilities (CVE)

Filtered by vendor Nokia Subscribe
Filtered by product 1350 Optical Management System
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-40715 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.5 MEDIUM
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
CVE-2022-40714 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.1 MEDIUM
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
CVE-2022-40713 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.5 MEDIUM
An issue was discovered in NOKIA 1350OMS R14.2. Multiple Relative Path Traversal issues exist in different specific endpoints via the file parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
CVE-2022-40712 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.1 MEDIUM
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /cgi-bin/R14.2* endpoints.
CVE-2022-39821 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 7.5 HIGH
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
CVE-2022-39819 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 8.8 HIGH
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /cgi-bin/R14.2/log.pl via the cmd HTTP GET parameter and /cgi-bin/R14.2/checkping.pl via the addr HTTP GET parameter. This allows authenticated users to execute commands on the operating system.
CVE-2022-39817 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 8.8 HIGH
In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur in /cgi-bin/R14.2/easy1350.pl via the id or host HTTP GET parameter, or /cgi-bin/R14.2/cgi-bin/R14.2/host.pl via the host HTTP GET parameter. Exploitation requires an authenticated attacker.
CVE-2022-39816 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.5 MEDIUM
In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext password) occur in /cgi-bin/R14.2/cgi-bin/R14.2/host.pl on the edit configuration page. Exploitation requires an authenticated attacker.
CVE-2022-39815 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 9.8 CRITICAL
In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur in /CGI-BIN/OTNE_1-14/runBatch.cgi via the file HTTP POST parameter, /CGI-BIN/OTNE_1-14/getRadioTLs.cgi via the context HTTP POST parameter, /CGI-BIN/OTNE_1-14/runRouteReport.cgi via the file HTTP POST parameter or /CGI-BIN/RemoteCommandManager.cgi via the command HTTP POST parameter.
CVE-2022-39814 1 Nokia 1 1350 Optical Management System 2024-11-21 N/A 6.1 MEDIUM
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter.