Security Advisory

CVE-2021-35486

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-03 00:00:00

Last updated 2026-03-04 15:16:03

Assigner mitre

State PUBLISHED

Description

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.

← Browse all CVEs View on cve.org ↗