| CVE # | Advisory name | Product(s) | Severity | Last Updated | ||
|---|---|---|---|---|---|---|
| CVE-2022-44718 | Open Redirection | nGeniusONE | Low | |||
|
Open Redirection CVE-2022-44718 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability. Fixed SoftwareCustomers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44717 | Open Redirection | nGeniusONE | Low | |||
|
Open Redirection CVE-2022-44717 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Open Redirection vulnerability. Fixed SoftwareCustomers should install patch 6.3.3 P3 B1090 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44715 | Improper File Permissions | nGeniusONE | High | |||
|
Improper File Permissions CVE-2022-44715 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Improper File Permissions vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P13 B947 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44029 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44029 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44028 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44028 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44027 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44027 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44026 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44026 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44025 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44025 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2022-44024 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2022-44024 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows a Reflected Cross-Site scripting vulnerability. Fixed SoftwareCustomers should install patch 6.3.2 P10 B938 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2021-45983 | Java RMI Remote Code Execution | nGeniusONE | Critical | |||
|
Java RMI Remote Code Execution CVE-2021-45983 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.2 build 904 allows Java RMI Code Execution attacks. Attack complexity is high. Privileges required none. User interaction required and scope is unchanged. NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com Fixed SoftwareCustomers should install 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2021-45981 | XML External Entity (XXE) | nGeniusONE | Critical | |||
|
XML External Entity (XXE) CVE-2021-45981 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows XML External Entity (XXE) attacks. Attack complexity is high. Privileges required none. User interaction required and scope is unchanged. NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45981 to techsupport@netscout.com Fixed SoftwareCustomers should install patch 6.3.2 P12 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2021-45982 | Arbitrary File Upload | nGeniusONE | High | |||
|
Arbitrary File Upload CVE-2021-45982 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems in nGeniusONE version 6.3.2 build 904 allows an Arbitrary File Upload vulnerability. Attack complexity is high. Privileges required low. User interaction required and scope is unchanged. NetScout Systems would like to acknowledge Lukasz Plonka for reporting CVE-2021-45982 to techsupport@netscout.com Fixed SoftwareCustomers should install patch 6.3.2 P10 to eliminate this vulnerability. The patch is available on My NETSCOUT account page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note all future versions include this fix. |
||||||
| CVE-2021-35205 | Open Redirection | nGeniusONE | Medium | |||
|
Open Redirection CVE-2021-35205 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. The Attack complexity is low, and the privileges required are also low. User Interaction required, and Scope is unchanged。 Fixed SoftwareCustomers should request a patch 6.3.2 FCS B426 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35204 | Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Cross-Site Scripting (XSS) CVE-2021-35204 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. Attack Complexity required is low. Privileges required are low and User Interaction required, and Scope is unchanged. The victim has to click on the provided URL. Fixed SoftwareCustomers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35203 | Incorrect Access Control | nGeniusONE | Medium | |||
|
Incorrect Access Control CVE-2021-35203 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. The attacker needs to send a specially crafted request with a parameter with the file name to read. The Attack Complexity is low, and the privileges required are low. User Interaction is required, and Scope is unchanged Fixed SoftwareCustomers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35202 | Insecure Permissions | nGeniusONE | Medium | |||
|
Insecure Permissions CVE-2021-35202 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. Attack Complexity is Low. The attacker can reach endpoints that are restricted. User Interaction is required, and Scope is unchanged。 Fixed SoftwareCustomers should request a patch 6.3.0 P6 B1413 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35201 | XML External Entity (XXE) | nGeniusONE | Medium | |||
|
XML External Entity (XXE) CVE-2021-35201 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems NEI in nGeniusONE version 6.3.0 build 1196 allows XML External Entity (XXE) attacks. Attack Complexity is High, Privileges Required None, User Interaction Required and Scope is unchanged. Fixed SoftwareCustomers should request a patch 6.3.0 P4 B1406 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35200 | Stored Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Stored Cross-Site Scripting (XSS) CVE-2021-35200 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 has stored cross-site scripting in FDSQueryService vulnerability that a high-privileged user can exploit. This would require a user with high privileges. Attack complexity is High, and the Scope is Unchanged Fixed SoftwareCustomers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35199 | Stored Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Stored Cross-Site Scripting (XSS) CVE-2021-35199 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1196 and earlier has stored cross-site scripting in Packet Analysis module Upload File vulnerability that a normal user can exploit. This requires a little crypto knowledge to exploit. The vulnerability exists in upload functionality. Fixed SoftwareCustomers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT page or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix. |
||||||
| CVE-2021-35198 | Stored Cross-Site Scripting (XSS) | nGeniusONE | Medium | |||
|
Stored Cross-Site Scripting (XSS) CVE-2021-35198 Related Product(s): nGeniusONE First Published: SummaryNETSCOUT Systems nGeniusONE version 6.3.0 build 1004, and earlier has a stored cross-site scripting vulnerability that a normal user can exploit. The user would need to visit a certain functionality in the packet module for the Stored XSS to get executed. Fixed SoftwareCustomers should request a patch 6.3.0 P5 B1411 to eliminate this vulnerability. This is available on the My NETSCOUT or may be obtained by contacting NETSCOUT support at 1-800-708-4784. Please note that all future versions include this fix |
||||||