CVE-2021-35487

MEDIUM

Nokia Broadcast Message Center <11.1.0 - SQL Injection

Title source: llm
STIX 2.1

Description

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 6.5
EPSS 0.0096
EPSS Percentile 57.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-89
Status published
Products (1)
nokia/broadcast_message_center < 11.1.0
Published May 25, 2022
Tracked Since Feb 18, 2026