CBIS/NCS Manager

CVEs (2)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2023-49564	Nokia CBIS/NCS Manager	Hig	0.57	8.8	0.00		Sep 18, 2025	The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without…
CVE-2023-49565	Nokia CBIS/NCS Manager	Hig	0.55	8.4	0.01		Sep 18, 2025	The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen…

CVE-2023-49564HigSep 18, 2025
Nokia
CBIS/NCS Manager
risk 0.57cvss 8.8epss 0.00
The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This flaw allows attackers to reach restricted or sensitive endpoints of the HTTP API without…
CVE-2023-49565HigSep 18, 2025
Nokia
CBIS/NCS Manager
risk 0.55cvss 8.4epss 0.01
The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection. These headers are directly utilized within the subprocess.Popen…