PT-2017-19003 · Solarwinds · Solarwinds Network Performance Monitor

Published

2017-10-02

Updated

2018-10-09

CVE-2017-9537

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SolarWinds Network Performance Monitor version 12.0.15300.90

Description The issue concerns a persistent cross-site scripting (XSS) flaw in the Add Node function. This allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.

Recommendations For SolarWinds Network Performance Monitor version 12.0.15300.90, consider disabling the Add Node function until a patch is available to prevent exploitation of the XSS flaw.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-9537

Affected Products

Solarwinds Network Performance Monitor

PT-2017-19003 · Solarwinds · Solarwinds Network Performance Monitor

CVE-2017-9537

Weakness Enumeration

Related Identifiers

Affected Products

References · 4