CVE-2022-39817

HIGH

NOKIA 1350 OMS R14.2 - Authenticated SQL Injection

Title source: llm
STIX 2.1

Description

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.gruppotim.it/it/footer/red-team.html

Scores

CVSS v3 8.8
EPSS 0.0072
EPSS Percentile 49.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
nokia/1350_optical_management_system 14.2
Published Sep 13, 2022
Tracked Since Feb 18, 2026