Details of VAR-202603-0800

ID

VAR-202603-0800

CVE

CVE-2021-35486

TITLE

Nokia's Nokia Impact Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-007210

DESCRIPTION

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated. All information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2021-35486 // JVNDB: JVNDB-2026-007210

AFFECTED PRODUCTS

vendor:	nokia	model:	impact mobile	scope:	lte	version:	19.11.2.10-20210118042150283	Trust: 1.0
vendor:	ノキア	model:	nokia impact	scope:	lte	version:	19.11.2.10-20210118042150283 and earlier	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	-	version:	-	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-007210 // NVD: CVE-2021-35486

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35486
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-007210
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35486
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-007210
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-007210 // NVD: CVE-2021-35486

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.0
problemtype:	Cross-site request forgery (CWE-352) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-007210 // NVD: CVE-2021-35486

PATCH

title:

Gruppo TIM | CVE-2021-35486 Motive IMPACT Nokia Nokia

url:

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35486.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-007210

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35486	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-007210	Trust: 0.8

sources: JVNDB: JVNDB-2026-007210 // NVD: CVE-2021-35486

REFERENCES

url:	https://www.nokia.com/networks/solutions/impact-iot-platform/	Trust: 1.8
url:	https://www.nokia.com/notices/responsible-disclosure/	Trust: 1.0
url:	https://www.gruppotim.it/it/footer/red-team/2021/motive-impact-cve-2021-35486.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35486	Trust: 0.8

sources: JVNDB: JVNDB-2026-007210 // NVD: CVE-2021-35486

SOURCES

db:	JVNDB	id:	JVNDB-2026-007210
db:	NVD	id:	CVE-2021-35486

LAST UPDATE DATE

2026-03-16T23:50:58.243000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-007210	date:	2026-03-16T05:56:00
db:	NVD	id:	CVE-2021-35486	date:	2026-03-13T01:04:48.307

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-007210	date:	2026-03-16T00:00:00
db:	NVD	id:	CVE-2021-35486	date:	2026-03-03T18:16:21.050