Vulnerability Details : CVE-2022-39821
In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem.
Products affected by CVE-2022-39821
- cpe:2.3:a:nokia:1350_optical_management_system:14.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-39821
0.15%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-39821
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-39821
-
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-39821
-
https://www.gruppotim.it/it/footer/red-team.html
Gruppo TIM | Vulnerability Research & AdvisorThird Party Advisory
Jump to