CVE-2012-2602

Exploit

EPSS 7.94%
Veröffentlicht 12.08.2012 16:55:00
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Orion Network Performance Monitor Version <= 10.2.2

Solarwinds ≫ Orion Network Performance Monitor Version10.1.13.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.94%	0.912

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

http://secunia.com/advisories/50004

Vendor Advisory

http://www.kb.cert.org/vuls/id/174119

US Government Resource

http://www.securityfocus.com/bid/54624

Exploit

http://www.solarwinds.com/documentation/Orion/docs/ReleaseNotes/releaseNotes.htm

http://osvdb.org/84116

http://www.exploit-db.com/exploits/20011

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2012-2602

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-2602

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-2602

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2012-2602