CVE-2022-41760
https://notcve.org/view.php?id=CVE-2022-41760
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files. Se descubrió un problema en NOKIA NFM-T R19.9. El Path Traversal relativo puede ocurrir en /oms1350/data/cpb/log de Network Element Manager a través del parámetro filename, lo que permite a un atacante remoto autenticado leer archivos arbitrarios. • https://www.gruppotim.it/it/footer/red-team.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-41762
https://notcve.org/view.php?id=CVE-2022-41762
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl. Se descubrió un problema en NOKIA NFM-T R19.9. Existen múltiples vulnerabilidades de XSS reflejado en Network Element Manager a través de cualquier parámetro de log.pl, el parámetro bench o pid de top.pl o el parámetro id de easy1350.pl. • https://www.gruppotim.it/it/footer/red-team.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •