Details of VAR-202603-0377

ID

VAR-202603-0377

CVE

CVE-2023-31044

TITLE

Nokia's Nokia Impact Code injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-006487

DESCRIPTION

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2023-31044 // JVNDB: JVNDB-2026-006487

AFFECTED PRODUCTS

vendor:	nokia	model:	impact mobile	scope:	lte	version:	23	Trust: 1.0
vendor:	nokia	model:	impact mobile	scope:	gte	version:	19.11	Trust: 1.0
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	-	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	19.11 to 23	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006487 // NVD: CVE-2023-31044

CVSS

SEVERITY

CVSSV2

CVSSV3

cve@mitre.org:	CVE-2023-31044
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2023-31044
value:	HIGH
Trust: 1.0
NVD:	CVE-2023-31044
value:	HIGH
Trust: 0.8

cve@mitre.org:	CVE-2023-31044
baseSeverity:	LOW
baseScore:	2.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.5
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-31044
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2023-31044
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006487 // NVD: CVE-2023-31044 // NVD: CVE-2023-31044

PROBLEMTYPE DATA

problemtype:	CWE-94	Trust: 1.0
problemtype:	Code injection (CWE-94) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006487 // NVD: CVE-2023-31044

PATCH

title:

Gruppo TIM | Pagina non trovata

url:

https://www.gruppotim.it/it/footer/red-team/2023/Motive-Impact-CVE-2023-31044.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-006487

EXTERNAL IDS

db:	NVD	id:	CVE-2023-31044	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006487	Trust: 0.8

sources: JVNDB: JVNDB-2026-006487 // NVD: CVE-2023-31044

REFERENCES

url:	https://nokia.com	Trust: 1.8
url:	https://www.gruppotim.it/it/footer/red-team/2023/motive-impact-cve-2023-31044.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-31044	Trust: 0.8

sources: JVNDB: JVNDB-2026-006487 // NVD: CVE-2023-31044

SOURCES

db:	JVNDB	id:	JVNDB-2026-006487
db:	NVD	id:	CVE-2023-31044

LAST UPDATE DATE

2026-03-11T23:22:09.222000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006487	date:	2026-03-10T01:12:00
db:	NVD	id:	CVE-2023-31044	date:	2026-03-09T13:38:49.577

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006487	date:	2026-03-10T00:00:00
db:	NVD	id:	CVE-2023-31044	date:	2026-03-03T18:16:21.193