Nokia IMPACT Time-based Boolean Blind SQL Injection Vulnerability

Vulnerability

A time-based Boolean blind SQL injection vulnerability has been identified in Nokia IMPACT versions through 19.11.2.10-20210118042150283. This vulnerability allows an authenticated user to manipulate the sortColumn HTTP GET parameter on the /ui/rest-proxy/campaign/statistic endpoint, which is used for the View Campaign page. Exploiting this vulnerability could enable an attacker to access sensitive database information, including details about the database user, name, and version.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive database information, including the database user, name, and version details.

Added: Mar 3, 2026, 6:27 PM

Updated: Mar 3, 2026, 10:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokia IMPACT Time-based Boolean Blind SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

Nokia IMPACT

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating