Nokia Impact Improper Neutralization of Formula Elements Vulnerability in Campaign Export Function

Vulnerability

A vulnerability allowing for improper neutralization of formula elements in CSV exports has been identified in Nokia Impact versions prior to Mobile 23_FP1. This issue arises in Impact DM 19.11 and later, where a remote authenticated user can inject malicious payloads into the Campaign Name while using the Add Campaign feature. The injected data can be exported to a CSV file, potentially leading to data exfiltration or other malicious activities when the file is opened with spreadsheet software.

Impact

Exploitation of this vulnerability could result in command injection, allowing attackers to execute arbitrary commands on the affected system.

Added: Mar 3, 2026, 6:25 PM

Updated: Mar 3, 2026, 10:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

2.6

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.4

exploitability

2.6

remediation

0.0

relevance

3.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Nokia Impact Improper Neutralization of Formula Elements Vulnerability in Campaign Export Function

Vulnerability

Impact

Affected Products

Nokia Impact

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating