PT-2017-19004 · Solarwinds · Solarwinds Network Performance Monitor

Published: 2017-10-02 · Updated: 2018-10-09 · CVE-2017-9538

CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: SolarWinds Network Performance Monitor version 12.0.15300.90

Description: The issue is in the 'Upload logo from external path' function, which allows remote attackers to cause a denial of service. The denial of service takes the form of a permanent "Cannot exit above the top directory" error message displayed throughout the entire web application. Its cause is an incorrect implementation of the directory-traversal protection mechanism, specifically its handling of a ".." in the path field.

Recommendations: For SolarWinds Network Performance Monitor version 12.0.15300.90, consider disabling the 'Upload logo from external path' function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. Avoid using ".." in the path field of the affected function until the issue is resolved.
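The failure mode described above (a traversal check whose rejection of ".." leaves an error that every later request sees) is easiest to understand next to a per-request check. The following is an added example written for this page; it is not SolarWinds code and does not reproduce the product's logic. The loader classes, the base directory and the sample paths are constructed for illustration.

```python
"""
Added example (not SolarWinds code): a directory-traversal guard whose
rejection of '..' poisons shared state, beside a guard that validates each
request on its own and stays inside a fixed base directory.
All names and paths below are constructed for illustration.
"""
import os
import tempfile

# Constructed base directory standing in for wherever logos would be stored.
LOGO_BASE = tempfile.mkdtemp(prefix="logo_base_")


class FlawedLogoLoader:
    """Illustrates the advisory's failure mode: the first rejected path sets
    an error that is shared by, and never cleared for, all later requests."""

    def __init__(self, base: str):
        self.base = base
        self.error = None  # state shared across every request

    def load(self, user_path: str):
        if self.error:  # sticky: once set, every request fails
            return None, self.error
        if ".." in user_path:
            self.error = "Cannot exit above the top directory"
            return None, self.error
        return os.path.join(self.base, user_path), None


def resolve_within_base(base: str, user_path: str) -> str:
    """Return the canonical path for user_path below base, or raise ValueError.
    No shared state is touched, so one bad request cannot affect any other."""
    if not user_path or "\x00" in user_path:
        raise ValueError("empty or NUL-containing path")
    # Treat Windows-style separators as separators so they cannot hide a segment.
    normalized = os.path.normpath(user_path.replace("\\", "/"))
    # realpath also resolves symlinks, so a link inside base that points
    # outside it is rejected by the containment check below.
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, normalized))
    if candidate == real_base:
        raise ValueError("path must name a file below the base directory")
    if os.path.commonpath([real_base, candidate]) != real_base:
        raise ValueError("path escapes the base directory")
    return candidate


class HardenedLogoLoader:
    """Per-request validation: errors are returned for this request only."""

    def __init__(self, base: str):
        self.base = base

    def load(self, user_path: str):
        try:
            return resolve_within_base(self.base, user_path), None
        except ValueError as exc:
            return None, str(exc)


if __name__ == "__main__":
    flawed, hardened = FlawedLogoLoader(LOGO_BASE), HardenedLogoLoader(LOGO_BASE)
    for p in ("logo.png", "../x", "logo.png"):
        print("flawed  ", p, flawed.load(p))
        print("hardened", p, hardened.load(p))
```

Run as a script, the flawed loader keeps failing for "logo.png" after one "../x" request, while the hardened loader rejects "../x", absolute paths and symlink escapes individually and keeps serving valid names.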

Fix · DoS · RCE


Weakness Enumeration

Related Identifiers

CVE-2017-9538

Affected Products

Solarwinds Network Performance Monitor