CVE-2020-15909
SolarWinds N-central up to 2020.1 is described as vulnerable to session hijacking via the JSESSIONID cookie. The JSESSIONID attribute is not validated against multiple sources (e.g., source IP, MFA claims) while the victim remains logged in, allowing an attacker to steal the cookie and reuse it b...