Nokia Product Security Advisory
Nokia PSIRT publishes security vulnerability advisories in response to responsible disclosure or events of significant public attention.
Support for Nokia customers impacted by a security issue is handled through Nokia's Customer Support Service. Customers are thus advised to contact their Nokia Support or Customer team representatives.
Nokia PSIRT can be reached on PSIRT, Security (Nokia - Global) for any queries related to publications on this page.
CVE |
Synopsis |
Publish date |
|---|---|---|
Insufficient Validation of Input while user creation |
21-07-2025 |
|
Access to local file system and its content |
21-07-2025 |
|
Insufficient Validation of Input in the URL |
21-07-2025 |
|
SOAP message input validation fault could in theory cause OAM service resource exhaustion |
02-07-2025 |
|
The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network |
02-07-2025 |
|
Administrative user shell input validation fault |
02-07-2025 |
|
Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication |
02-07-2025 |
|
Nokia Single RAN baseband OAM service extensive capabilities |
02-07-2025 |
|
OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network |
02-07-2025 |
|
OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN management network |
02-07-2025 |
|
OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network |
02-07-2025 |
|
Unauthorized File Operations Due to Improper Permissions in TNMS WebDAV Service |
03-06-2025 |
|
Unauthorized SFTP File Modifications in TNMS Installation Folders |
03-06-2025 |
|
Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) XML file |
03-06-2025 |
|
Nokia SR OS: BOF File Encryption Vulnerability |
17-10-2024 |
|
Nokia SR OS: File Access Security Vulnerability |
17-10-2024 |
|
Nokia BTS service operation log information disclosure |
16-09-2024 |
|
Improper access control in Nokia WaveLite Metro 200 |
02-10-2023 |
|
Improper access control with Nokia Web Element Manager |
13-06-2023 |
|
A Stored Cross-Site Scripting (XSS) vulnerability in Nokia NetAct |
28-02-2023 |
|
A Cross Site Template Injection vulnerability in Nokia NetAct |
28-02-2023 |
|
A Stored Cross-Site Scripting (XSS) vulnerability in Nokia NetAct |
28-02-2023 |
|
A XML External Entity (XXE) Vulnerability in Nokia NetAct |
28-02-2023 |
|
A XML External Entity (XXE) vulnerability in Nokia NetAct |
28-02-2023 |
|
Unnecessary privileges on services of Nokia ASIKA |
20-02-2023 |
|
A Hard-coded private key disclosure in Nokia ASIKA |
20-02-2023 |
|
Relative Path Traversal vulnerability in Nokia ASIKA |
20-02-2023 |
|
Privilege escalation in multiple services of Nokia ASIKA |
20-02-2023 |