Details of VAR-202603-0595

ID

VAR-202603-0595

CVE

CVE-2021-35485

TITLE

Nokia's Nokia IMPACT Vulnerability in unlimited upload of dangerous types of files in

Trust: 0.8

sources: JVNDB: JVNDB-2026-006423

DESCRIPTION

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. All information handled by the software may be rewritten. Furthermore, the software may stop working completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2021-35485 // JVNDB: JVNDB-2026-006423

AFFECTED PRODUCTS

vendor:	nokia	model:	impact	scope:	lte	version:	19.11.2.10-20210118042150283	Trust: 1.0
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	-	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	lte	version:	19.11.2.10-20210118042150283 and earlier	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006423 // NVD: CVE-2021-35485

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35485
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-006423
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35485
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006423
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006423 // NVD: CVE-2021-35485

PROBLEMTYPE DATA

problemtype:	CWE-434	Trust: 1.0
problemtype:	Unlimited uploads of dangerous types of files (CWE-434) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006423 // NVD: CVE-2021-35485

PATCH

title:

Gruppo TIM | CVE-2021-35485 Motive IMPACT

url:

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35485.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-006423

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35485	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006423	Trust: 0.8

sources: JVNDB: JVNDB-2026-006423 // NVD: CVE-2021-35485

REFERENCES

url:	https://www.nokia.com/notices/responsible-disclosure/	Trust: 1.8
url:	https://www.nokia.com/networks/solutions/impact-iot-platform/	Trust: 1.8
url:	https://www.gruppotim.it/it/footer/red-team/2021/motive-impact-cve-2021-35485.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35485	Trust: 0.8

sources: JVNDB: JVNDB-2026-006423 // NVD: CVE-2021-35485

SOURCES

db:	JVNDB	id:	JVNDB-2026-006423
db:	NVD	id:	CVE-2021-35485

LAST UPDATE DATE

2026-03-09T23:47:49.548000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006423	date:	2026-03-09T06:08:00
db:	NVD	id:	CVE-2021-35485	date:	2026-03-05T21:53:44.043

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006423	date:	2026-03-09T00:00:00
db:	NVD	id:	CVE-2021-35485	date:	2026-03-03T18:16:20.910