CVE-2012-4939

Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/203844	Exploit US Government Resource

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2.1:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2.2:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.3:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.3.1:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.0:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1.13.0:::::::*
	cpe:2.3:a:solarwinds:ip_address_manager_web_interface::::::::
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2:::::::*
	cpe:2.3:a:solarwinds:orion_network_performance_monitor:-:::::::*

Information

Published : 2012-10-31 12:55

Updated : 2012-11-01 21:00

NVD link : CVE-2012-4939

Mitre link : CVE-2012-4939

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

solarwinds

ip_address_manager_web_interface
orion_network_performance_monitor

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/203844", "name": "VU#203844", "tags": ["Exploit", "US Government Resource"], "refsource": "CERT-VN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the \"Search for an IP address\" field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-4939", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2012-10-31T19:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1.13.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:ip_address_manager_web_interface:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.0"}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:solarwinds:orion_network_performance_monitor:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2012-11-02T04:00Z"}