Intrusion Prevention

SolarWinds.Orion.IPAM.Reflected.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in SolarWinds Orion IPAM's web interface.
The vulnerability is due to insufficient sanitizing of user-supplied input, which is echoed back to the user. An attacker can exploit this issue to inject HTML and script code, which will be executed in the target user's browser in the security context of the vulnerable site.

Affected Products

SolarWinds Orion IPAM prior to v3.0-HotFix1

Impact

System Compromise: Remote attackers can enable non-privileged code execution.

Recommended Actions

The vendor, SolarWinds, has released the following patch
http://downloads.solarwinds.com/solarwinds/Release/HotFix/IPAM-v3.0-HotFix1.zip

CVE References

CVE-2012-4939