CVE-2012-2577

Name of the Vulnerable Software and Affected Versions SolarWinds Orion Network Performance Monitor versions prior to 10.3.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific fields of an snmpd.conf file, including the syslocation, syscontact, or sysName field.

Recommendations For versions prior to 10.3.1, update to version 10.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the snmpd.conf file and its related fields, such as syslocation, syscontact, and sysName, to minimize the risk of exploitation.