CVE-2022-43675

Name of the Vulnerable Software and Affected Versions NOKIA NFM-T version R19.9

Description An issue exists in the Network Element Manager, specifically a Reflected XSS. This issue can be exploited via several API endpoints, including "/oms1350/pages/otn/cpbLogDisplay" via the filename parameter, under "/oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay" via the id parameter, and under "/oms1350/pages/otn/mainOtn" via all parameters.

Recommendations For NOKIA NFM-T version R19.9, consider disabling access to the vulnerable API endpoints "/oms1350/pages/otn/cpbLogDisplay", "/oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay", and "/oms1350/pages/otn/mainOtn" until a patch is available. Additionally, restrict the use of the filename and id parameters in these endpoints to minimize the risk of exploitation. Avoid using all parameters in the "/oms1350/pages/otn/mainOtn" endpoint until the issue is resolved.