Vulnerability Description: Absolute Path Traversal - CWE-36
Software Version: R14.2
NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-40715
CVSv3: 6.5
Severity: Medium
Credits: Luca Carbone, Fabio Romano, Stefano Scipioni, Massimiliano Brolli
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.