CVE-2022-39821
HIGHNokia 1350 Optical Management System - Log Information Exposure
Title source: ruleDescription
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://www.gruppotim.it/it/footer/red-team.html
Scores
CVSS v3
7.5
EPSS
0.0032
EPSS Percentile
54.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (1)
nokia/1350_optical_management_system
14.2
Published
Sep 13, 2022
Tracked Since
Feb 18, 2026