CVE-2012-2602

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:solarwinds:orion_network_performance_monitor:*:*:*:*:*:*:*:*

Information

Published : 2012-08-12 09:55

Updated : 2012-08-12 21:00


NVD link : CVE-2012-2602

Mitre link : CVE-2012-2602


JSON object : View

CWE
CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

dedicated server usa

Products Affected

solarwinds

  • orion_network_performance_monitor