Solarwinds: >> Network Performance Monitor >> 12.0 Security Vulnerabilities
Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP's customers. This can lead to any user having a limited insight into other customer's infrastructure and potential data cross-contamination.
CVSS Score
5.0
EPSS Score
0.017
Published
2021-10-21
SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2019-07-16
The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.
CVSS Score
4.9
EPSS Score
0.056
Published
2017-10-03