CVE-2012-2602

Currently unrated

Key Information:

Vendor
Solarwinds
Status
Orion Network Performance Monitor
Vendor
CVE Published:
12 August 2012

Summary

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

References

http://www.kb.cert.org/vuls/id/174119
third-party-advisoryx_refsource_CERT-VN
http://www.solarwinds.com/documentation/Orion/docs/Releas...
x_refsource_MISC
http://secunia.com/advisories/50004
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.