CVE-2020-15910 is a vulnerability in SolarWinds N Central
Published on October 19, 2020

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly. This makes it possible to influence the cookie with javascript. An attacker could send the user to a prepared webpage or by influencing JavaScript to the extract the JESSIONID. This could then be forwarded to the attacker.

NVD

Products Associated with CVE-2020-15910

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-15910 are published in SolarWinds N Central:

SolarWinds N Central

Exploit Probability

EPSS

0.36%

Percentile

57.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-15910 is a vulnerability in SolarWinds N CentralPublished on October 19, 2020

Products Associated with CVE-2020-15910

Exploit Probability

CVE-2020-15910 is a vulnerability in SolarWinds N Central
Published on October 19, 2020