CVE-2023-31044

Name of the Vulnerable Software and Affected Versions Nokia Impact versions prior to Mobile 23 FP1 Nokia Impact DM versions prior to 19.11

Description A flaw exists in Nokia Impact that allows a remote authenticated user to inject a malicious payload into the Campaign Name field when using the Add Campaign functionality. This injected data can be exported to a CSV file. An attacker can populate data fields within the CSV file to potentially exfiltrate data or perform other malicious actions when the file is automatically processed by spreadsheet software.

Recommendations Update Nokia Impact to version Mobile 23 FP1 or later. Update Nokia Impact DM to version 19.11 or later.