Cross-Site Scripting Vulnerability in SolarWinds Orion Web Console
CVE-2020-14007

5.4MEDIUM

Key Information:

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the SolarWinds Orion Web Console, specifically affecting alert definitions. This flaw could allow an attacker to inject arbitrary scripts into the application, exposing users to potential data theft or session hijacking. The specific versions identified are WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4. Admins are strongly advised to apply security patches and review alert configurations to mitigate any risks associated with this vulnerability.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.