CVE-2022-41760

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An issue allows a remote authenticated attacker to read arbitrary files via Relative Path Traversal under /oms1350/data/cpb/log of the Network Element Manager. This is achieved through the filename parameter.

Recommendations For NOKIA NFM-T version R19.9, consider restricting access to the /oms1350/data/cpb/log endpoint to minimize the risk of exploitation. As a temporary workaround, avoid using the filename parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.