CVE-2023-31044
EUVD-2023-3538103.03.2026, 18:16
An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| nokia | impact_mobile | 19.11 ≤ 𝑥 ≤ 23 |
𝑥
= Vulnerable software versions