CVE-2021-35485
Authenticated File Upload Vulnerability in Nokia IMPACT Applications
Publication date: 2026-03-03
Last updated on: 2026-03-05
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | impact | to 19.11.2.10-20210118042150283 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2021-35485 is a vulnerability in the Nokia IMPACT web interface version 19.11.2.10-20210118042150283 that allows an authenticated user to upload arbitrary server-side executable files via the /ui/rest-proxy/application fileupload parameter.'}, {'type': 'paragraph', 'content': 'This occurs when adding a new application or editing an existing one, enabling the attacker to bypass restrictions and upload potentially dangerous files without proper validation.'}, {'type': 'paragraph', 'content': 'It is classified as an "Unrestricted Upload of File with Dangerous Type" vulnerability (CWE-434).'}] [1]
How can this vulnerability impact me? :
This vulnerability can have serious security implications as it allows an authenticated attacker to upload arbitrary and potentially dangerous executable files to the server.
Such an exploit could lead to unauthorized code execution on the server, potentially compromising the entire system, leading to data breaches, service disruption, or further attacks within the network.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know