CVE-2021-35483

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

03/03/2026

Last modified:

03/03/2026

Description

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

Impact

References to Advisories, Solutions, and Tools

https://www.gruppotim.it/it/footer/red-team/2021/Motive-Impact-CVE-2021-35483.html
https://www.nokia.com/networks/solutions/impact-iot-platform/
https://www.nokia.com/notices/responsible-disclosure/