// For flags

CVE-2012-2602

SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) before 10.3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.

Múltiples vulnerabilidades de falsificación de peticiones en sitios cruzados (CSRF) en SolarWinds Orion Network Performance Monitor (NPM) antes de v10.3.1 permiten a atacantes remotos secuestrar la autentificación de los administradores para las peticiones que (1) crean cuentas de usuario a través de acciones CreateUserStepContainer a Admin/Cuentas/Agregar/OrionAccount.aspx o (2) modifican los privilegios de una cuenta a través de una acción ynAdminRights a Admin/accounts/EditAccount.aspx.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-05-09 CVE Reserved
  • 2012-07-21 First Exploit
  • 2012-08-12 CVE Published
  • 2024-09-16 CVE Updated
  • 2024-09-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Solarwinds
Search vendor "Solarwinds"
Orion Network Performance Monitor
Search vendor "Solarwinds" for product "Orion Network Performance Monitor"
<= 10.2.2
Search vendor "Solarwinds" for product "Orion Network Performance Monitor" and version " <= 10.2.2"
-
Affected
Solarwinds
Search vendor "Solarwinds"
Orion Network Performance Monitor
Search vendor "Solarwinds" for product "Orion Network Performance Monitor"
10.1.13.0
Search vendor "Solarwinds" for product "Orion Network Performance Monitor" and version "10.1.13.0"
-
Affected