Unrated severityNVD Advisory· Published Oct 19, 2020· Updated Aug 4, 2024
CVE-2020-15910
CVE-2020-15910
Description
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.
Affected products
2- SolarWinds/N-Centraldescription
- Range: <=12.3 GA
Patches
Vulnerability mechanics
References
2- limenetworks.nl/wp-content/uploads/CVE-934261-v-1.2.pdfmitrex_refsource_MISC
- www.solarwindsmsp.com/products/n-centralmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.