CVE-2022-39821 Information

Description

In NOKIA 1350 OMS R14.2 an Insertion of Sensitive Information into an Application Log File vulnerability occurs under /usr/Systems/OTNE_1_14_Master/maintenance/trace/web/.otn.default.log. The web application stores critical information such as cleartext user credentials in world-readable files in the filesystem.

Reference

https://www.gruppotim.it/it/footer/red-team.html