cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-41760,https://securityvulnerability.io/vulnerability/CVE-2022-41760,,"An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.",Nokia,Network Functions Manager For Transport,6.5,MEDIUM,0.0028099999763071537,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-39818,https://securityvulnerability.io/vulnerability/CVE-2022-39818,OS Command Injection in NOKIA NFM-T WebUI,"The OS Command Injection vulnerability found in NOKIA NFM-T R19.9 allows authenticated users to exploit the /cgi-bin/R19.9/log.pl script through the cmd HTTP GET parameter. This flaw can be exploited to execute arbitrary system commands with root privileges, potentially compromising the integrity and confidentiality of affected systems. Organizations utilizing this product should prioritize applying patches and enhancing security measures to safeguard against such unauthorized command execution.",Nokia,Network Functions Manager For Transport,8.8,HIGH,0.0043299999088048935,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-39820,https://securityvulnerability.io/vulnerability/CVE-2022-39820,,"In Network Element Manager in NOKIA NFM-T R19.9, an Unprotected Storage of Credentials vulnerability occurs under /root/RestUploadManager.xml.DRC and /DEPOT/KECustom_199/OTNE_DRC/RestUploadManager.xml. A remote user, authenticated to the operating system, with access privileges to the directory /root or /DEPOT, is able to read cleartext credentials to access the web portal NFM-T and control all the PPS Network elements.",Nokia,Network Functions Manager For Transport,6.5,MEDIUM,0.0020200000144541264,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-41761,https://securityvulnerability.io/vulnerability/CVE-2022-41761,,"An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.",Nokia,Network Functions Manager For Transport,6.5,MEDIUM,0.002360000042244792,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-41762,https://securityvulnerability.io/vulnerability/CVE-2022-41762,,"An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.",Nokia,Network Functions Manager For Transport,6.1,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-39822,https://securityvulnerability.io/vulnerability/CVE-2022-39822,,"In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation.",Nokia,Network Functions Manager For Transport,8.8,HIGH,0.0010499999625608325,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0
CVE-2022-43675,https://securityvulnerability.io/vulnerability/CVE-2022-43675,,"An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all parameters.",Nokia,Network Functions Manager For Transport,6.1,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2023-12-25T00:00:00.000Z,0