Details of VAR-202603-0854

ID

VAR-202603-0854

CVE

CVE-2021-35483

TITLE

Nokia's Nokia IMPACT Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2026-006425

DESCRIPTION

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed. Also, some of the information handled by the software may be rewritten. Furthermore, the software will not stop. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2021-35483 // JVNDB: JVNDB-2026-006425

AFFECTED PRODUCTS

vendor:	nokia	model:	impact	scope:	lte	version:	19.11.2.10-20210118042150283	Trust: 1.0
vendor:	ノキア	model:	nokia impact	scope:	eq	version:	-	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	lte	version:	19.11.2.10-20210118042150283 and earlier	Trust: 0.8
vendor:	ノキア	model:	nokia impact	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-006425 // NVD: CVE-2021-35483

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35483
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2026-006425
value:	MEDIUM
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-35483
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.5
impactScore:	2.5
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-006425
baseSeverity:	MEDIUM
baseScore:	4.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-006425 // NVD: CVE-2021-35483

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-006425 // NVD: CVE-2021-35483

PATCH

title:

Gruppo TIM | CVE-2021-35483 Motive IMPACT

url:

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html

Trust: 0.8

sources: JVNDB: JVNDB-2026-006425

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35483	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-006425	Trust: 0.8

sources: JVNDB: JVNDB-2026-006425 // NVD: CVE-2021-35483

REFERENCES

url:	https://www.nokia.com/notices/responsible-disclosure/	Trust: 1.8
url:	https://www.nokia.com/networks/solutions/impact-iot-platform/	Trust: 1.8
url:	https://www.gruppotim.it/it/footer/red-team/2021/motive-impact-cve-2021-35483.html	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35483	Trust: 0.8

sources: JVNDB: JVNDB-2026-006425 // NVD: CVE-2021-35483

SOURCES

db:	JVNDB	id:	JVNDB-2026-006425
db:	NVD	id:	CVE-2021-35483

LAST UPDATE DATE

2026-03-09T23:50:02.265000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-006425	date:	2026-03-09T06:08:00
db:	NVD	id:	CVE-2021-35483	date:	2026-03-05T21:50:19.913

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-006425	date:	2026-03-09T00:00:00
db:	NVD	id:	CVE-2021-35483	date:	2026-03-03T18:16:20.077