Vendor CVEs
Netscout
All CVEs
42 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32985 | Cri | 0.64 | 9.8 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | ||
| CVE-2025-32980 | Cri | 0.64 | 9.8 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration. | ||
| CVE-2023-26999 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2024 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | ||
| CVE-2023-40301 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | ||
| CVE-2023-40300 | Cri | 0.64 | 9.8 | 0.01 | Dec 7, 2023 | NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | ||
| CVE-2021-45983 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2022 | NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | ||
| CVE-2021-45981 | Cri | 0.64 | 9.8 | 0.01 | Jun 2, 2022 | NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | ||
| CVE-2023-40302 | Cri | 0.59 | 9.1 | 0.01 | Dec 7, 2023 | NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | ||
| CVE-2022-44715 | Hig | 0.57 | 8.8 | 0.01 | Jan 27, 2023 | Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | ||
| CVE-2021-45982 | Hig | 0.57 | 8.8 | 0.01 | Jun 2, 2022 | NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. | ||
| CVE-2020-28251 | Hig | 0.53 | 8.1 | 0.01 | Dec 3, 2020 | NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The… | ||
| CVE-2025-32986 | Hig | 0.49 | 7.5 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | ||
| CVE-2025-32983 | Hig | 0.49 | 7.5 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | ||
| CVE-2025-32982 | Hig | 0.49 | 7.5 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. | ||
| CVE-2025-32981 | Hig | 0.46 | 7.1 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | ||
| CVE-2025-32979 | Med | 0.42 | 6.5 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. | ||
| CVE-2021-35201 | Med | 0.42 | 6.5 | 0.01 | Sep 30, 2021 | NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. | ||
| CVE-2025-32984 | Med | 0.40 | 6.1 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | ||
| CVE-2023-27000 | Med | 0.40 | 6.1 | 0.01 | Jan 9, 2024 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | ||
| CVE-2023-41170 | Med | 0.40 | 6.1 | 0.00 | Dec 7, 2023 | NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | ||
| CVE-2022-44029 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | ||
| CVE-2022-44028 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | ||
| CVE-2022-44027 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | ||
| CVE-2022-44026 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | ||
| CVE-2022-44025 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | ||
| CVE-2022-44024 | Med | 0.40 | 6.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | ||
| CVE-2021-35203 | Med | 0.37 | 5.7 | 0.01 | Sep 30, 2021 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. | ||
| CVE-2023-26998 | Med | 0.35 | 5.4 | 0.01 | Jan 9, 2024 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | ||
| CVE-2023-41905 | Med | 0.35 | 5.4 | 0.00 | Dec 7, 2023 | NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | ||
| CVE-2023-41172 | Med | 0.35 | 5.4 | 0.00 | Dec 7, 2023 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | ||
| CVE-2023-41171 | Med | 0.35 | 5.4 | 0.00 | Dec 7, 2023 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | ||
| CVE-2023-41169 | Med | 0.35 | 5.4 | 0.00 | Dec 7, 2023 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | ||
| CVE-2023-41168 | Med | 0.35 | 5.4 | 0.00 | Dec 7, 2023 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | ||
| CVE-2021-35205 | Med | 0.35 | 5.4 | 0.00 | Sep 30, 2021 | NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. | ||
| CVE-2021-35204 | Med | 0.35 | 5.4 | 0.00 | Sep 30, 2021 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. | ||
| CVE-2021-35199 | Med | 0.35 | 5.4 | 0.00 | Sep 30, 2021 | NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. | ||
| CVE-2021-35198 | Med | 0.35 | 5.4 | 0.00 | Sep 30, 2021 | NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. | ||
| CVE-2021-35200 | Med | 0.31 | 4.8 | 0.00 | Sep 30, 2021 | NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. | ||
| CVE-2021-35202 | Med | 0.28 | 4.3 | 0.01 | Sep 30, 2021 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. | ||
| CVE-2022-44718 | Low | 0.23 | 3.5 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is… | ||
| CVE-2022-44717 | Low | 0.20 | 3.1 | 0.00 | Jan 27, 2023 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is… | ||
| CVE-2008-6701 | 0.00 | — | 0.01 | Apr 10, 2009 | NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request. |
- risk 0.64cvss 9.8epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files.
- risk 0.64cvss 9.8epss 0.00
NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.
- risk 0.64cvss 9.8epss 0.01
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file.
- risk 0.64cvss 9.8epss 0.01
NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability.
- risk 0.64cvss 9.8epss 0.01
NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key.
- risk 0.64cvss 9.8epss 0.01
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.
- risk 0.64cvss 9.8epss 0.01
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
- risk 0.59cvss 9.1epss 0.01
NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability
- risk 0.57cvss 8.8epss 0.01
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.
- risk 0.57cvss 8.8epss 0.01
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.
- risk 0.53cvss 8.1epss 0.01
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The…
- risk 0.49cvss 7.5epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint.
- risk 0.49cvss 7.5epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace.
- risk 0.49cvss 7.5epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module.
- risk 0.46cvss 7.1epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File.
- risk 0.42cvss 6.5epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users.
- risk 0.42cvss 6.5epss 0.01
NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks.
- risk 0.40cvss 6.1epss 0.00
NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s).
- risk 0.40cvss 6.1epss 0.00
NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.
- risk 0.40cvss 6.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.
- risk 0.37cvss 5.7epss 0.01
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page.
- risk 0.35cvss 5.4epss 0.00
NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user.
- risk 0.35cvss 5.4epss 0.00
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4).
- risk 0.35cvss 5.4epss 0.00
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4).
- risk 0.35cvss 5.4epss 0.00
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4).
- risk 0.35cvss 5.4epss 0.00
NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4).
- risk 0.35cvss 5.4epss 0.00
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
- risk 0.35cvss 5.4epss 0.00
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint.
- risk 0.35cvss 5.4epss 0.00
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.
- risk 0.35cvss 5.4epss 0.00
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module.
- risk 0.31cvss 4.8epss 0.00
NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService.
- risk 0.28cvss 4.3epss 0.01
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService.
- risk 0.23cvss 3.5epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is…
- risk 0.20cvss 3.1epss 0.00
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is…
- CVE-2008-6701Apr 10, 2009risk 0.00cvss —epss 0.01
NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.