Vendor scorecard
NetScout
NetScout security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: netscout
Product families
1
Open in latest
27
Inferred — see methodology
Last disclosure
Apr 25, 2025
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| nGeniusONE / MonitoringNetwork Detection / IDS-IPS · Network Management & Monitoringngeniusone, ngenius_packet_flow_switch | 36 | 27 | 6.4.0LOW |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-32986(opens NVD record) | High | 7.5 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. | Apr 25, 2025 |
| CVE-2025-32985(opens NVD record) | Critical | 9.8 | NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. | Apr 25, 2025 |
| CVE-2025-32984(opens NVD record) | Medium | 6.1 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. | Apr 25, 2025 |
| CVE-2025-32983(opens NVD record) | High | 7.5 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. | Apr 25, 2025 |
| CVE-2025-32982(opens NVD record) | High | 7.5 | NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. | Apr 25, 2025 |
| CVE-2025-32981(opens NVD record) | High | 7.1 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | Apr 25, 2025 |
| CVE-2025-32979(opens NVD record) | Medium | 6.5 | NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. | Apr 25, 2025 |
| CVE-2023-27000(opens NVD record) | Medium | 6.1 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | Jan 9, 2024 |
| CVE-2023-26999(opens NVD record) | Critical | 9.8 | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | Jan 9, 2024 |
| CVE-2023-26998(opens NVD record) | Medium | 5.4 | Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | Jan 9, 2024 |
| CVE-2023-41905(opens NVD record) | Medium | 5.4 | NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | Dec 7, 2023 |
| CVE-2023-41172(opens NVD record) | Medium | 5.4 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | Dec 7, 2023 |
36 CVEs · 1 product families