Description

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.

Related CPE's

a

nokia

1350_optical_management_system

14.2

Vulnerable

References

https://www.gruppotim.it/it/footer/red-team.html

Third Party Advisory

https://www.gruppotim.it/it/footer/red-team.html

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-532

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-09-13T19:15:10.077Z

3 years ago

Last modified

2024-11-21T06:18:19.593Z

1 year ago