彙總 netscout 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本、路徑處理缺陷與XXE 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與檔案覆寫 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-32986 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | [email protected] | 7.5 | 0.37% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32985 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | [email protected] | 9.8 | 0.39% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32984 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | [email protected] | 6.1 | 0.22% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32983 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | [email protected] | 7.5 | 0.36% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32982 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. | [email protected] | 7.5 | 0.33% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32981 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | [email protected] | 7.1 | 0.20% | 2025-04-25 | 2026-06-17 |
| CVE-2025-32979 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. | [email protected] | 6.5 | 0.30% | 2025-04-25 | 2026-06-17 |
| CVE-2023-27000 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | [email protected] | 6.1 | 0.74% | 2024-01-08 | 2026-06-17 |
| CVE-2023-26999 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | [email protected] | 9.8 | 1.39% | 2024-01-08 | 2026-06-17 |
| CVE-2023-26998 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | [email protected] | 5.4 | 0.67% | 2024-01-08 | 2026-06-17 |
| CVE-2023-41905 | NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | [email protected] | 5.4 | 0.39% | 2023-12-07 | 2026-06-17 |
| CVE-2023-41172 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | [email protected] | 5.4 | 0.39% | 2023-12-07 | 2026-06-17 |
| CVE-2023-41171 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | [email protected] | 5.4 | 0.39% | 2023-12-07 | 2026-06-17 |
| CVE-2023-41170 | NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | [email protected] | 6.1 | 0.41% | 2023-12-07 | 2026-06-17 |
| CVE-2023-41169 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | [email protected] | 5.4 | 0.39% | 2023-12-07 | 2026-06-17 |
| CVE-2023-41168 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | [email protected] | 5.4 | 0.39% | 2023-12-07 | 2026-06-17 |
| CVE-2023-40302 | NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | [email protected] | 9.1 | 0.84% | 2023-12-07 | 2026-06-17 |
| CVE-2023-40301 | NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | [email protected] | 9.8 | 1.48% | 2023-12-07 | 2026-06-17 |
| CVE-2023-40300 | NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | [email protected] | 9.8 | 0.71% | 2023-12-07 | 2026-06-17 |
| CVE-2022-44718 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to suc | [email protected] | 3.5 | 0.29% | 2023-01-27 | 2026-06-17 |