CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html	Third Party Advisory
https://www.nokia.com/networks/solutions/impact-iot-platform/	Product
https://www.nokia.com/notices/responsible-disclosure/	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:nokia:impact:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2026-03-03 18:16

Updated : 2026-03-05 21:53

NVD link : CVE-2021-35484

Mitre link : CVE-2021-35484

CVE.ORG link : CVE-2021-35484

JSON object : View

Products Affected

nokia

impact

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2021-35484", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 3.9}]}, "published": "2026-03-03T18:16:20.770", "references": [{"url": "https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.nokia.com/networks/solutions/impact-iot-platform/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.nokia.com/notices/responsible-disclosure/", "tags": ["Issue Tracking"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information."}, {"lang": "es", "value": "Nokia IMPACT hasta la versi\u00f3n 19.11.2.10-20210118042150283 permite a un usuario autenticado realizar un ataque de inyecci\u00f3n SQL ciega booleana basada en tiempo en el endpoint /ui/rest-proxy/campaign/statistic (para la p\u00e1gina 'View Campaign') a trav\u00e9s del par\u00e1metro HTTP GET sortColumn. Esto permite a un atacante acceder a datos sensibles de la base de datos y obtener acceso a la informaci\u00f3n del usuario de la base de datos, el nombre de la base de datos y la versi\u00f3n de la base de datos."}], "lastModified": "2026-03-05T21:53:00.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nokia:impact:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0E4A08C-B0D2-4E75-BAF4-024D365DAA9C", "versionEndIncluding": "19.11.2.10-20210118042150283"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}