Vulnerability Details CVE-2017-9538
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.056
EPSS Ranking 89.9%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
Products affected by CVE-2017-9538
-
cpe:2.3:a:solarwinds:network_performance_monitor:12.0
-
cpe:2.3:a:solarwinds:network_performance_monitor:12.0.1
-
cpe:2.3:a:solarwinds:network_performance_monitor:12.0.15300.90