importdanax.blogg.se - Orion solarwinds network performance monitor

#ORION SOLARWINDS NETWORK PERFORMANCE MONITOR FULL#
#ORION SOLARWINDS NETWORK PERFORMANCE MONITOR CODE#

A remote attacker can gain unauthorized access to sensitive information in the context of SYSTEM account. The vulnerability exists due to excessive data output by the application within ExportToPDF.aspx in SolarWinds Network Performance Monitor. The vulnerability allows a remote attacker to gain access to potentially sensitive information. We are not aware of malware exploiting this vulnerability.ĬVSSv3.1: 7.5 Is there known malware, which exploits this vulnerability? The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability. How the attacker can exploit this vulnerability? This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

#ORION SOLARWINDS NETWORK PERFORMANCE MONITOR FULL#

Full software list in CPE2.3 format available after registration.Ĭan this vulnerability be exploited remotely?.

#ORION SOLARWINDS NETWORK PERFORMANCE MONITOR CODE#

Successful exploitation of the vulnerability can lead to arbitrary code execution in the context of SYSTEM account. A remote user can send a specially crafted HTTP request and create arbitrary files on the system in arbitrary directories. The vulnerability exists due to input validation error when processing directory traversal sequences within VulnerabilitySettings.aspx in SolarWinds Network Performance Monitor. The vulnerability allows a remote user to perform directory traversal attacks. CVSSv3.1: 7.6 ĬWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')