Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.0
Nokia IMPACT Allows Authenticated Upload of Malicious Files
CVE-2021-35485
Summary
An attacker with a valid login can upload malicious files to Nokia IMPACT, potentially allowing them to execute code on the server. This could lead to unauthorized access or data breaches. Nokia IMPACT users should update to a fixed version as soon as possible to prevent exploitation.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| nokia | impact | <= 19.11.2.10-20210118042150283 | – |
Original title
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/applic...
Original description
The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.
nvd CVSS3.1
8.0
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 3 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026