Cross site scripting

2021-10-2118:15:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Each authenticated Orion Platform user in a MSP (Managed Service Provider) environment can view and browse all NetPath Services from all that MSP’s customers. This can lead to any user having a limited insight into other customer’s infrastructure and potential data cross-contamination.

CPENameOperatorVersion
network_performance_monitorle2020.2.6
network_performance_monitoreq2020.2.6 hotfix1

CPE	Name	Operator	Version
	network_performance_monitor	le	2020.2.6
	network_performance_monitor	eq	2020.2.6 hotfix1

References

documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm

support.solarwinds.com/SuccessCenter/s/article/NPM-2020-2-6-Hotfix-2?language=en_US

www.solarwinds.com/trust-center/security-advisories/cve-2021-35225