cvedb.io
CVE-2021-35487
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-05-25T14:15:08.583 · Last modified 2026-06-17T03:57:33.657

Summary

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.

Affected products

nokia — broadcast_message_center

Does this affect you?

Add your gear to cvedb and we'll alert you only when nokia ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.