Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2577

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-2577
Last Modified 13 Aug 2012 12:00:00
Published 12 Aug 2012 12:55:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2577

Summary

Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName field of an snmpd.conf file.

Vulnerable Systems

Application

  • Solarwinds Orion Network Performance Monitor 10.0

  • Solarwinds Orion Network Performance Monitor 10.1

  • Solarwinds Orion Network Performance Monitor 10.2

  • Solarwinds Orion Network Performance Monitor 7.8.5

  • Solarwinds Orion Network Performance Monitor 8.5

  • Solarwinds Orion Network Performance Monitor 8.5.1

  • Solarwinds Orion Network Performance Monitor 9.0

  • Solarwinds Orion Network Performance Monitor 9.1

  • Solarwinds Orion Network Performance Monitor 9.5.1


References

CERT-VN - VU#174119

XF - orionnetwork-snmpdconf-csrf(77147)

CONFIRM - http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm

BID - 54624

SECUNIA - 50004


Last Updated: 27 May 2016 10:55:02