Issues

Select view

List view

Detail view

Server name/version number exposed in the response header
NMS-16452
Resolved issue: NMS-16452
[Web] - Missing Secure Flag on Session Cookie
NMS-16451
Resolved issue: NMS-16451
Host Header Injection
NMS-16450
Resolved issue: NMS-16450
Detailed server configuration in the error
NMS-16449
Resolved issue: NMS-16449
Stored XSS on "Node Label"
NMS-16448
Resolved issue: NMS-16448
Missing Access Control on "Geocoder Configuration"
NMS-16447
Resolved issue: NMS-16447
Missing Access Control on "Grafana Endpoints"
NMS-16446
Resolved issue: NMS-16446
Stored XSS on "Scheduled Outages"
NMS-16445
Resolved issue: NMS-16445
Stored XSS on "MIB Compiler"
NMS-16444
Resolved issue: NMS-16444
Stored XSS on "Monitoring Locations"
NMS-16443
Resolved issue: NMS-16443
Missing Access Control on Geocoder Configuration.
NMS-14025
Self XSS via User-Agent
NMS-14024
Improper Error Handling
NMS-14020
Stored XSS On-Call Roles.
NMS-14010
Weak Basic Authentication Protocol Used
NMS-14009
Stored XSS on Quick-Add Node
NMS-14001
Stored XSS in Discovery configuration
NMS-13995
[Web] - WebServer Fingerprinting
NMS-13987
Resolved issue: NMS-13987
[Web] - Vulnerable Angular JS version in Use
NMS-13986
[Web] - Missing Secure & HTTP Only Flags on Session Cookie
NMS-13985
[Web] - Session Fixation/Misconfigured Session Cookie Implementation
NMS-13984
[Web] - Password field with autocomplete enabled on Login page
NMS-13983
Resolved issue: NMS-13983
[Web] - Inadequate Account Lockout Policy
NMS-13982
[Web] - Weak Password Policy
NMS-13981
Resolved issue: NMS-13981
Internal Port Scan using SSRF
NMS-13980
Open Redirect using Host Header Injection
NMS-13979
Server Banner Disclosure
NMS-13976

27 of 27