CSRF Vulnerability in SolarWinds N-Central by SolarWinds
CVE-2020-25622

8.8HIGH

Key Information:

Vendor

Solarwinds
Status
N-central
Vendor
CVE Published:
16 December 2020

What is CVE-2020-25622?

A vulnerability exists in SolarWinds N-Central 12.3.0.670 through its AdvancedScripts HTTP endpoint, which is susceptible to Cross-Site Request Forgery (CSRF). This flaw may allow unauthorized users to execute harmful actions by tricking a logged-in user into making requests they did not intend to. Organizations should review their security posture regarding this vulnerability to ensure their systems are adequately protected against potential exploitation.

References

https://support.solarwinds.com/SuccessCenter/s/
x_refsource_MISC
https://ernw.de/en/publications.html
x_refsource_MISC
https://insinuator.net/2020/12/security-advisories-for-so...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.