N-central Security Vulnerabilities and Issues — N-central CVE List

Lucene search

SolarwindsN-central

3 matches found

CVE•added 2020/12/16 3:15 p.m.•32 views

CVE-2020-25622

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.

8.8CVSS8.6AI score0.02629EPSS

CVE•added 2020/12/16 3:15 p.m.•29 views

CVE-2020-25621

An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords.

8.4CVSS8.1AI score0.00212EPSS

CVE•added 2020/10/19 1:15 p.m.•27 views

CVE-2020-15909

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. The N-Central JSESSIONID cookie attribute is not checked against multiple sources such as sourceip, MFA claim, etc. as long as the victim stays logged in within N-Central. To take advantag...

8.8CVSS8.3AI score0.01403EPSS