Vulnerability Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - CWE-89
Software Version: NOKIA Imapct 19.11.2.10-20210118042150283
NIST: https://nvd.nist.gov/vuln/detail/CVE-2021-35484
CVSS:
Severity:
Credits: Francesco Giordano, Veno Eivazian, Massimiliano Brolli
An authenticated user can perform a Time-based Boolean Blind SQL Injection attack to access sensitive data on the database and obtain access to database user, database name and version.