ID

VAR-202006-0487


CVE

CVE-2020-14007


TITLE

SolarWinds Orion Platform cross-site scripting vulnerability

Trust: 1.2

sources: CNVD: CNVD-2021-24894 // CNNVD: CNNVD-202006-1674

DESCRIPTION

SolarWinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows XSS via the name of an alert definition. SolarWinds Orion Platform is a network fault and network performance management platform from SolarWinds, a company in the United States. The platform provides real-time monitoring and analysis of network equipment, and supports a customized web interface, multiple user opinions, and map browsing of the entire network. The vulnerability stems from the web application's lack of correct validation of client data. An attacker can use this vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2020-14007 // JVNDB: JVNDB-2020-007390 // CNVD: CNVD-2021-24894

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-24894

AFFECTED PRODUCTS

vendor: solarwinds, model: orion web performance monitor, scope: eq, version: 2019.4.1

Trust: 1.8

vendor: solarwinds, model: orion network performance monitor, scope: eq, version: 2019.4

Trust: 1.0

vendor: solarwinds, model: orion network performance monitor, scope: eq, version: 2019.4 hf2

Trust: 0.8

vendor: solarwinds, model: orion platform hf4 or npm, scope: eq, version: 2019.4

Trust: 0.6

vendor: solarwinds, model: orion web console wpm, scope: eq, version: 2019.4.1

Trust: 0.6

sources: CNVD: CNVD-2021-24894 // JVNDB: JVNDB-2020-007390 // NVD: CVE-2020-14007

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14007
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007390
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-24894
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1674
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-14007
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-007390
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-24894
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14007
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-007390
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-24894 // JVNDB: JVNDB-2020-007390 // CNNVD: CNNVD-202006-1674 // NVD: CVE-2020-14007

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-007390 // NVD: CVE-2020-14007

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1674

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1674

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007390

PATCH

title: Top Page, url: https://www.solarwinds.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-007390

EXTERNAL IDS

db: NVD, id: CVE-2020-14007

Trust: 3.0

db: JVNDB, id: JVNDB-2020-007390

Trust: 0.8

db: CNVD, id: CNVD-2021-24894

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1674

Trust: 0.6

sources: CNVD: CNVD-2021-24894 // JVNDB: JVNDB-2020-007390 // CNNVD: CNNVD-202006-1674 // NVD: CVE-2020-14007

REFERENCES

url:https://gist.github.com/alert3/f8d33412ab0c671d3cac6a50b132a894

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-14007

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14007

Trust: 0.8

sources: CNVD: CNVD-2021-24894 // JVNDB: JVNDB-2020-007390 // CNNVD: CNNVD-202006-1674 // NVD: CVE-2020-14007

SOURCES

db: CNVD, id: CNVD-2021-24894
db: JVNDB, id: JVNDB-2020-007390
db: CNNVD, id: CNNVD-202006-1674
db: NVD, id: CVE-2020-14007

LAST UPDATE DATE

2024-11-23T22:25:26.560000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-24894, date: 2021-04-04T00:00:00
db: JVNDB, id: JVNDB-2020-007390, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1674, date: 2020-07-08T00:00:00
db: NVD, id: CVE-2020-14007, date: 2024-11-21T05:02:20.333

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-24894, date: 2021-04-04T00:00:00
db: JVNDB, id: JVNDB-2020-007390, date: 2020-08-11T00:00:00
db: CNNVD, id: CNNVD-202006-1674, date: 2020-06-24T00:00:00
db: NVD, id: CVE-2020-14007, date: 2020-06-24T14:15:12.147