Impact Mobile
CVE-2023-31044
LOW
Severity by source
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
AnalysisAI
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. [CVSS 2.0 LOW]
Technical ContextAI
Classified as CWE-94 (Code Injection). Affects Impact Mobile. An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in Impact Mobile
View allSame weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today