CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

CVSS v3 4.1 MEDIUM

4.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.5 / Impact : 2.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html	Third Party Advisory
https://www.nokia.com/networks/solutions/impact-iot-platform/	Product
https://www.nokia.com/notices/responsible-disclosure/	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:nokia:impact:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-03 18:16

Updated : 2026-03-05 21:50

NVD link : CVE-2021-35483

Mitre link : CVE-2021-35483

CVE.ORG link : CVE-2021-35483

JSON object : View

Products Affected

nokia

impact

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-35483", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.5}]}, "published": "2026-03-03T18:16:20.077", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nokia.com/networks/solutions/impact-iot-platform/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.nokia.com/notices/responsible-disclosure/", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed."}, {"lang": "es", "value": "El componente de Aplicaciones de Nokia IMPACT versi\u00f3n hasta 19.11.2.10-20210118042150283 permite a un usuario autenticado cargar arbitrariamente archivos JavaScript a trav\u00e9s del par\u00e1metro fileupload de /ui/rest-proxy/application. Esto puede ocurrir durante la adici\u00f3n de una nueva aplicaci\u00f3n o durante la edici\u00f3n de una existente. Si un usuario autenticado visita la p\u00e1gina web donde se publica el archivo, el c\u00f3digo JavaScript se ejecuta."}], "lastModified": "2026-03-05T21:50:19.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:impact:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E4A08C-B0D2-4E75-BAF4-024D365DAA9C", "versionEndIncluding": "19.11.2.10-20210118042150283"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}