cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-25622,https://securityvulnerability.io/vulnerability/CVE-2020-25622,CSRF Vulnerability in SolarWinds N-Central by SolarWinds,"A vulnerability exists in SolarWinds N-Central 12.3.0.670 through its AdvancedScripts HTTP endpoint, which is susceptible to Cross-Site Request Forgery (CSRF). This flaw may allow unauthorized users to execute harmful actions by tricking a logged-in user into making requests they did not intend to. Organizations should review their security posture regarding this vulnerability to ensure their systems are adequately protected against potential exploitation.",Solarwinds,N-central,8.8,HIGH,0.001930000027641654,false,,false,false,false,,,false,false,,2020-12-16T14:07:32.000Z,0
CVE-2020-25621,https://securityvulnerability.io/vulnerability/CVE-2020-25621,Local Database Authentication Flaw in SolarWinds N-Central,"A vulnerability exists in SolarWinds N-Central version 12.3.0.670 where the local database fails to require authentication. The security is solely dependent on network interface access, exposing sensitive database keys and passwords. This significant oversight can lead to unauthorized access to critical information, emphasizing the need for robust authentication mechanisms to secure sensitive data.",Solarwinds,N-central,8.4,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-12-16T14:07:07.000Z,0
CVE-2020-25620,https://securityvulnerability.io/vulnerability/CVE-2020-25620,Hard-Coded Credential Vulnerability in SolarWinds N-Central Software,"A security issue has been identified in SolarWinds N-Central version 12.3.0.670, where hard-coded credentials for local user accounts (specifically support@n-able.com and nableadmin@n-able.com) are present by default. This flaw enables unauthorized access to the N-Central Administrative Console (NAC) and the standard web interface, posing a risk to the integrity of network management systems.",Solarwinds,N-central,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-12-16T14:04:59.000Z,0
CVE-2020-25619,https://securityvulnerability.io/vulnerability/CVE-2020-25619,SSH Communication Channel Exposure in SolarWinds N-Central,"A vulnerability was identified in SolarWinds N-Central 12.3.0.670, where the SSH component fails to impose restrictions on the Communication Channel to Intended Endpoints. This allows attackers to exploit SSH's port forwarding feature, utilizing a temporary key pair to gain access to network services that are meant to be restricted to local communication. Consequently, this could lead to unauthorized access to localhost resources, posing significant security concerns for affected systems.",Solarwinds,N-central,4.4,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2020-12-16T14:01:36.000Z,0
CVE-2020-25618,https://securityvulnerability.io/vulnerability/CVE-2020-25618,Access Control Vulnerability in SolarWinds N-Central,"An access control vulnerability was identified in SolarWinds N-Central, specifically in version 12.3.0.670. This issue arises from a misconfiguration in the sudo settings, allowing the nable web user account to execute arbitrary operating system commands with root privileges. The lack of restrictions in the sudoers file permits escalation of privileges, which can lead to significant security concerns if exploited.",Solarwinds,N-central,8.8,HIGH,0.005179999861866236,false,,false,false,false,,,false,false,,2020-12-16T13:56:58.000Z,0
CVE-2020-25617,https://securityvulnerability.io/vulnerability/CVE-2020-25617,Relative Path Traversal Vulnerability in SolarWinds N-Central,"A relative path traversal vulnerability has been identified in SolarWinds N-Central 12.3.0.670. This issue allows an authenticated user of the N-Central Administration Console to manipulate HTTP requests, leading to the potential execution of operating system commands with root privileges. The flaw poses significant risks as it enables attackers to gain unauthorized access and control over the system, making it essential for users to apply relevant security measures and updates promptly.",Solarwinds,N-central,8.8,HIGH,0.007120000198483467,false,,false,false,false,,,false,false,,2020-12-16T13:52:03.000Z,0
CVE-2020-15910,https://securityvulnerability.io/vulnerability/CVE-2020-15910,Cookie Manipulation Vulnerability in SolarWinds N-Central,"The vulnerability in SolarWinds N-Central versions 12.3 GA and lower stems from the JSESSIONID attribute not being set to HTTPOnly. This oversight allows attackers to manipulate the cookie using JavaScript, potentially leading to session hijacking. By directing unsuspecting users to a malicious webpage or exploiting JavaScript, an attacker can extract the JSESSIONID and use it for unauthorized access. Organizations using affected versions of N-Central should take immediate action to protect their systems.",Solarwinds,N-central,4.7,MEDIUM,0.0006600000197067857,false,,false,false,false,,,false,false,,2020-10-19T12:57:26.000Z,0
CVE-2020-15909,https://securityvulnerability.io/vulnerability/CVE-2020-15909,Session Hijacking Vulnerability in SolarWinds N-central Software,"SolarWinds N-central versions up to 2020.1 are susceptible to session hijacking due to inadequate checks on the JSESSIONID cookie. Attackers can exploit this vulnerability by stealing the JSESSIONID cookie when the user is logged in, allowing them to impersonate the victim. The affected system fails to validate the cookie against additional security measures, such as source IP checks or multi-factor authentication. This oversight enables unauthorized access and manipulation within N-central, a service that provides significant privileges. Proper cookie handling and robust authentication measures are critical to safeguarding the system against such attacks. For more details, visit SolarWinds MSP and related security resources.",Solarwinds,N-central,8.8,HIGH,0.004920000210404396,false,,false,false,false,,,false,false,,2020-10-19T12:57:26.000Z,0
CVE-2020-7984,https://securityvulnerability.io/vulnerability/CVE-2020-7984,,"SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.",Solarwinds,N-central,7.5,HIGH,0.008469999767839909,false,,false,false,false,,,false,false,,2020-01-26T20:04:06.000Z,0
CVE-2015-5610,https://securityvulnerability.io/vulnerability/CVE-2015-5610,,"The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote authenticated users to obtain the cleartext domain-administrator password by locating the encrypted password within HTML source code and then leveraging knowledge of this key from another installation.",Solarwinds,N-able N-central,,,0.0007399999885819852,false,,false,false,false,,,false,false,,2015-07-21T17:00:00.000Z,0