NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
Max CVSS
7.5
EPSS Score
0.52%
Published
2009-04-10
Updated
2018-10-11
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.
Max CVSS
9.3
EPSS Score
0.24%
Published
2020-12-03
Updated
2021-07-21
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-09-30
Updated
2021-10-04
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-09-30
Updated
2021-10-04
NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.
Max CVSS
4.8
EPSS Score
0.05%
Published
2021-09-30
Updated
2021-10-04
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.
Max CVSS
6.5
EPSS Score
0.15%
Published
2021-09-30
Updated
2021-10-04
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.
Max CVSS
4.3
EPSS Score
0.07%
Published
2021-09-30
Updated
2022-07-12
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.
Max CVSS
5.7
EPSS Score
0.07%
Published
2021-09-30
Updated
2021-10-04
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-09-30
Updated
2021-10-04
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-09-30
Updated
2021-10-04
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
Max CVSS
9.8
EPSS Score
0.22%
Published
2022-06-02
Updated
2022-06-13
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.
Max CVSS
8.8
EPSS Score
0.10%
Published
2022-06-02
Updated
2022-06-11
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.
Max CVSS
9.8
EPSS Score
0.20%
Published
2022-06-02
Updated
2022-06-13
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.
Max CVSS
6.1
EPSS Score
0.06%
Published
2023-01-27
Updated
2023-02-03
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.
Max CVSS
8.8
EPSS Score
0.16%
Published
2023-01-27
Updated
2023-02-06
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.
Max CVSS
3.1
EPSS Score
0.05%
Published
2023-01-27
Updated
2023-02-07
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.
Max CVSS
3.5
EPSS Score
0.05%
Published
2023-01-27
Updated
2023-02-07
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
Max CVSS
5.4
EPSS Score
0.12%
Published
2024-01-09
Updated
2024-01-11
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
Max CVSS
9.8
EPSS Score
0.38%
Published
2024-01-09
Updated
2024-01-11
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
Max CVSS
6.1
EPSS Score
0.18%
Published
2024-01-09
Updated
2024-01-11
32 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!