CVE-2022-40713

Name of the Vulnerable Software and Affected Versions NOKIA 1350OMS version R14.2

Description An issue exists in the software, where multiple Relative Path Traversal issues are present in different specific endpoints via the file parameter. This allows a remote authenticated attacker to read files on the filesystem arbitrarily.

Recommendations For NOKIA 1350OMS version R14.2, consider restricting access to the vulnerable endpoints and limiting the use of the file parameter until a fix is available. As a temporary workaround, restrict file system access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.