CSRF in Solarwinds Orion_network_performance_monitor

CVE-2012-2602

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.087 (92.6th percentile) — read the EPSS interpretation.

Affected products

Solarwinds Orion_network_performance_monitor — versions 10.1.13.0
N/a — versions n/a

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

VU#174119 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
cret@cert.org (x_refsource_MISC)
50004 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
54624 (Exploit, vdb-entry, x_refsource_BID)
20011 (Exploit, exploit, x_refsource_EXPLOIT-DB)
84116 (x_refsource_OSVDB, vdb-entry)