Details of VAR-202603-0527

ID

VAR-202603-0527

CVE

CVE-2021-35484

TITLE

Nokia's Nokia IMPACT In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2026-006424

DESCRIPTION

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information. In addition, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2021-35484 // JVNDB: JVNDB-2026-006424

AFFECTED PRODUCTS

vendor:	nokia	model:	impact	scope:	lte	version:	19.11.2.10-20210118042150283	Trust: 1.0
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	-	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	lte	version:	19.11.2.10-20210118042150283 and earlier	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006424 // NVD: CVE-2021-35484

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35484
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-006424
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35484
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006424
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006424 // NVD: CVE-2021-35484

PROBLEMTYPE DATA

problemtype:	CWE-89	Trust: 1.0
problemtype:	SQL injection (CWE-89) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006424 // NVD: CVE-2021-35484

PATCH

title:

Gruppo TIM | CVE-2021-35484 Motive IMPACT

url:

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35484.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-006424

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35484	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006424	Trust: 0.8

sources: JVNDB: JVNDB-2026-006424 // NVD: CVE-2021-35484

REFERENCES

url:	https://www.nokia.com/notices/responsible-disclosure/	Trust: 1.8
url:	https://www.nokia.com/networks/solutions/impact-iot-platform/	Trust: 1.8
url:	https://www.gruppotim.it/it/footer/red-team/2021/motive-impact-cve-2021-35484.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35484	Trust: 0.8

sources: JVNDB: JVNDB-2026-006424 // NVD: CVE-2021-35484

SOURCES

db:	JVNDB	id:	JVNDB-2026-006424
db:	NVD	id:	CVE-2021-35484

LAST UPDATE DATE

2026-03-09T23:51:31.837000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006424	date:	2026-03-09T06:08:00
db:	NVD	id:	CVE-2021-35484	date:	2026-03-05T21:53:00.810

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006424	date:	2026-03-09T00:00:00
db:	NVD	id:	CVE-2021-35484	date:	2026-03-03T18:16:20.770