CVE-2012-2602

Опубликовано: 12 авг. 2012

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

Ссылки

http://osvdb.org/84116
http://secunia.com/advisories/50004
Vendor Advisory
http://www.exploit-db.com/exploits/20011
Exploit
http://www.kb.cert.org/vuls/id/174119
US Government Resource
http://www.securityfocus.com/bid/54624
Exploit
http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm
http://osvdb.org/84116
http://secunia.com/advisories/50004
Vendor Advisory
http://www.exploit-db.com/exploits/20011
Exploit
http://www.kb.cert.org/vuls/id/174119
US Government Resource
http://www.securityfocus.com/bid/54624
Exploit
http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*

Версия до 10.2.2 (включая)

cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1.13.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07935

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-xxm6-c9w6-3g54

github

около 3 лет назад