Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-05-25T13:41:38
Updated: 2024-08-04T00:40:46.310Z
Reserved: 2021-06-24T00:00:00
Link: CVE-2021-35487
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-05-25T14:15:08.583
Modified: 2024-11-21T06:12:21.600
Link: CVE-2021-35487
Redhat
No data.