ID

VAR-202006-0486


CVE

CVE-2020-14006


TITLE

Cross-site scripting vulnerability in SolarWinds Orion

Trust: 0.8

sources: JVNDB: JVNDB-2020-007387

DESCRIPTION

SolarWinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via a Responsible Team. SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds in the United States. The platform provides real-time monitoring and analysis of network equipment, and supports a customized web interface, multiple user opinions, and map browsing of the entire network. The vulnerability stems from the lack of correct verification of client data in the web application. An attacker can use this vulnerability to execute client-side code.

Trust: 2.16

sources: NVD: CVE-2020-14006 // JVNDB: JVNDB-2020-007387 // CNVD: CNVD-2021-24893

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24893

AFFECTED PRODUCTS

vendor: solarwinds, model: orion web performance monitor, scope: eq, version: 2019.4.1

Trust: 1.8

vendor: solarwinds, model: orion network performance monitor, scope: eq, version: 2019.4

Trust: 1.0

vendor: solarwinds, model: orion network performance monitor, scope: eq, version: 2019.4 hf2

Trust: 0.8

vendor: solarwinds, model: orion platform hf4 or npm, scope: eq, version: 2019.4

Trust: 0.6

vendor: solarwinds, model: orion web console wpm, scope: eq, version: 2019.4.1

Trust: 0.6

sources: CNVD: CNVD-2021-24893 // JVNDB: JVNDB-2020-007387 // NVD: CVE-2020-14006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14006
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007387
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-24893
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1673
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-14006
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007387
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-24893
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14006
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007387
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-24893 // JVNDB: JVNDB-2020-007387 // CNNVD: CNNVD-202006-1673 // NVD: CVE-2020-14006

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-007387 // NVD: CVE-2020-14006

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1673

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1673

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007387

PATCH

title: Top Page, url: https://www.solarwinds.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007387

EXTERNAL IDS

db: NVD, id: CVE-2020-14006

Trust: 3.0

db: JVNDB, id: JVNDB-2020-007387

Trust: 0.8

db: CNVD, id: CNVD-2021-24893

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1673

Trust: 0.6

sources: CNVD: CNVD-2021-24893 // JVNDB: JVNDB-2020-007387 // CNNVD: CNNVD-202006-1673 // NVD: CVE-2020-14006

REFERENCES

url: https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894

Trust: 2.4

url: https://nvd.nist.gov/vuln/detail/cve-2020-14006

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14006

Trust: 0.8

sources: CNVD: CNVD-2021-24893 // JVNDB: JVNDB-2020-007387 // CNNVD: CNNVD-202006-1673 // NVD: CVE-2020-14006

SOURCES

db: CNVD, id: CNVD-2021-24893
db: JVNDB, id: JVNDB-2020-007387
db: CNNVD, id: CNNVD-202006-1673
db: NVD, id: CVE-2020-14006

LAST UPDATE DATE

2024-11-23T22:37:22.752000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-24893, date: 2021-04-04T00:00:00
db: JVNDB, id: JVNDB-2020-007387, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1673, date: 2020-07-08T00:00:00
db: NVD, id: CVE-2020-14006, date: 2024-11-21T05:02:20.197

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-24893, date: 2021-04-04T00:00:00
db: JVNDB, id: JVNDB-2020-007387, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1673, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-14006, date: 2020-06-24T14:15:12.100