Solarwinds Network Performance Monitor : Security vulnerabilities, CVEs published in 2017

Copy

CVE-2017-9538

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.

Max CVSS

4.9

EPSS Score

0.18%

Published

2017-10-03

Updated

2018-10-09

CVE-2017-9537

Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

Max CVSS

4.8

EPSS Score

0.07%

Published

2017-10-03

Updated

2018-10-09

2 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!