
cpe:2.3:a:nokia:netact:20.1:*:*:*:*:*:*:*

part: a
version: 20.1
update: *

Vendor: Nokia (817976ae-06c5-5680-b3fe-e55f44d8308a)
Product: Netact (62d431b1-2f89-5051-9e8d-5a3bcf0087c9)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2023-26059
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:50:57.473718
db.gcve.eu details: Details available
MEDIUM (6.8)
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.
Published: 2023-04-24T00:00:00.000Z
Updated: 2025-02-04T16:33:22.262Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-26058
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:50:57.473359
db.gcve.eu details: Details available
MEDIUM (6.5)
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
Published: 2023-04-25T00:00:00.000Z
Updated: 2025-02-04T15:25:56.848Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2023-26057
cpeApplicability: vulnerable
Submitted: 2026-06-03 14:50:57.472891
db.gcve.eu details: Details available
MEDIUM (6.5)
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
Published: 2023-04-25T00:00:00.000Z
Updated: 2025-02-04T15:27:21.865Z
Rationale: Imported from gcve-enriched-dumps CVE data
