CVE-2017-9538

EPSS 5.63%
Veröffentlicht 03.10.2017 01:29:03
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The 'Upload logo from external path' function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to cause a denial of service (permanent display of a "Cannot exit above the top directory" error message throughout the entire web application) via a ".." in the path field. In other words, the denial of service is caused by an incorrect implementation of a directory-traversal protection mechanism.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solarwinds ≫ Network Performance Monitor Version <= 12.0.15300.90

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.63%	0.893

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.securityfocus.com/archive/1/541263/100/0/threaded

http://www.securityfocus.com/bid/101066

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-9538

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9538

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9538

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-9538