CVE-2021-35483

Name of the Vulnerable Software and Affected Versions Nokia IMPACT versions through 19.11.2.10-20210118042150283

Description The Applications component of Nokia IMPACT allows an authenticated user to upload JavaScript files without restriction via the /ui/rest-proxy/application fileupload parameter. This can happen when adding a new application or editing an existing one. If an authenticated user accesses the web page where the file is published, the JavaScript code will be executed.

Recommendations Versions prior to 19.11.2.10-20210118042150283 should be updated. Restrict file uploads to the /ui/rest-proxy/application endpoint.