CVE-2020-15910
First published: Mon Oct 19 2020(Updated: )
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SolarWinds N-Central | <=12.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/solarwinds
- canonical/solarwinds n-central
- version/solarwinds n-central/12.3