CVE-2022-39822

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description A SQL Injection issue occurs in the /cgi-bin/R19.9/easy1350.pl endpoint of the VM Manager WebUI, specifically via the id or host HTTP GET parameters. This issue requires an authenticated attacker for exploitation.

Recommendations For NOKIA NFM-T version R19.9, consider restricting access to the /cgi-bin/R19.9/easy1350.pl endpoint until a patch is available. As a temporary workaround, avoid using the id and host parameters in the affected API endpoint to minimize the risk of exploitation.