NetScout (formerly Network General) Visualizer V2100 and InfiniStream i1730 do not restrict access to ResourceManager/en_US/domains/add_domain.jsp, which allows remote attackers to gain administrator privileges via a direct request.
Netscout
CVE-2020-28251
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise.
CVE-2021-45983
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.
CVE-2021-45981
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
CVE-2021-35199
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.
CVE-2021-35205
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.