VYPR

Vendor CVEs

Netscout

All CVEs

42 total · sorted by risk
  • CVE-2025-32985CriApr 25, 2025
    risk 0.64cvss 9.8epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.

  • CVE-2025-32980CriApr 25, 2025
    risk 0.64cvss 9.8epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.

  • CVE-2023-26999CriJan 9, 2024
    risk 0.64cvss 9.8epss 0.01

    An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.

  • CVE-2023-40301CriDec 7, 2023
    risk 0.64cvss 9.8epss 0.01

    NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.

  • CVE-2023-40300CriDec 7, 2023
    risk 0.64cvss 9.8epss 0.01

    NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.

  • CVE-2021-45983CriJun 2, 2022
    risk 0.64cvss 9.8epss 0.01

    NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.

  • CVE-2021-45981CriJun 2, 2022
    risk 0.64cvss 9.8epss 0.01

    NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.

  • CVE-2023-40302CriDec 7, 2023
    risk 0.59cvss 9.1epss 0.01

    NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability

  • CVE-2022-44715HigJan 27, 2023
    risk 0.57cvss 8.8epss 0.01

    Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.

  • CVE-2021-45982HigJun 2, 2022
    risk 0.57cvss 8.8epss 0.01

    NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.

  • CVE-2020-28251HigDec 3, 2020
    risk 0.53cvss 8.1epss 0.01

    NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The…

  • CVE-2025-32986HigApr 25, 2025
    risk 0.49cvss 7.5epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.

  • CVE-2025-32983HigApr 25, 2025
    risk 0.49cvss 7.5epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.

  • CVE-2025-32982HigApr 25, 2025
    risk 0.49cvss 7.5epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.

  • CVE-2025-32981HigApr 25, 2025
    risk 0.46cvss 7.1epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.

  • CVE-2025-32979MedApr 25, 2025
    risk 0.42cvss 6.5epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.

  • CVE-2021-35201MedSep 30, 2021
    risk 0.42cvss 6.5epss 0.01

    NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.

  • CVE-2025-32984MedApr 25, 2025
    risk 0.40cvss 6.1epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.

  • CVE-2023-27000MedJan 9, 2024
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).

  • CVE-2023-41170MedDec 7, 2023
    risk 0.40cvss 6.1epss 0.00

    NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.

  • CVE-2022-44029MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.

  • CVE-2022-44028MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.

  • CVE-2022-44027MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.

  • CVE-2022-44026MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.

  • CVE-2022-44025MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.

  • CVE-2022-44024MedJan 27, 2023
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.

  • CVE-2021-35203MedSep 30, 2021
    risk 0.37cvss 5.7epss 0.01

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.

  • CVE-2023-26998MedJan 9, 2024
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.

  • CVE-2023-41905MedDec 7, 2023
    risk 0.35cvss 5.4epss 0.00

    NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user.

  • CVE-2023-41172MedDec 7, 2023
    risk 0.35cvss 5.4epss 0.00

    NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4).

  • CVE-2023-41171MedDec 7, 2023
    risk 0.35cvss 5.4epss 0.00

    NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).

  • CVE-2023-41169MedDec 7, 2023
    risk 0.35cvss 5.4epss 0.00

    NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4).

  • CVE-2023-41168MedDec 7, 2023
    risk 0.35cvss 5.4epss 0.00

    NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4).

  • CVE-2021-35205MedSep 30, 2021
    risk 0.35cvss 5.4epss 0.00

    NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.

  • CVE-2021-35204MedSep 30, 2021
    risk 0.35cvss 5.4epss 0.00

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.

  • CVE-2021-35199MedSep 30, 2021
    risk 0.35cvss 5.4epss 0.00

    NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

  • CVE-2021-35198MedSep 30, 2021
    risk 0.35cvss 5.4epss 0.00

    NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.

  • CVE-2021-35200MedSep 30, 2021
    risk 0.31cvss 4.8epss 0.00

    NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.

  • CVE-2021-35202MedSep 30, 2021
    risk 0.28cvss 4.3epss 0.01

    NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.

  • CVE-2022-44718LowJan 27, 2023
    risk 0.23cvss 3.5epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is…

  • CVE-2022-44717LowJan 27, 2023
    risk 0.20cvss 3.1epss 0.00

    An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is…

  • CVE-2008-6701Apr 10, 2009
    risk 0.00cvss epss 0.01

    NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.