Multiple cross-site request forgery (CSRF) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) prior to 10.3.1 allow remote malicious users to hijack the authentication of administrators for requests that (1) create user accounts via CreateUserStepContainer actions to Admin/Accounts/Add/OrionAccount.aspx or (2) modify account privileges via a ynAdminRights action to Admin/Accounts/EditAccount.aspx.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
solarwinds orion network performance monitor 10.1.13.0 |
||
solarwinds orion network performance monitor |