CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41761
https://notcve.org/view.php?id=CVE-2022-41761
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files. Se descubrió un problema en NOKIA NFM-T R19.9. Existe una vulnerabilidad Absolute Path Traversal en /cgi-bin/R19.9/viewlog.pl de VM Manager WebUI a través del parámetro logfile, lo que permite a un atacante remoto autenticado leer archivos arbitrarios. • https://www.gruppotim.it/it/footer/red-team.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-41762
https://notcve.org/view.php?id=CVE-2022-41762
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. Se descubrió un problema en NOKIA NFM-T R19.9. Existen múltiples vulnerabilidades de XSS reflejado en Network Element Manager a través de cualquier parámetro de log.pl, el parámetro bench o pid de top.pl o el parámetro id de easy1350.pl. • https://www.gruppotim.it/it/footer/red-team.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •