Skip to main content

N Central CVE-2020-25622

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2020-12-16 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 16, 2020 - 15:15 nvd
HIGH 8.8

DescriptionNVD

An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF.

AnalysisAI

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF. Affected products include: Solarwinds N-Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2025-11700 HIGH POC
8.4 Nov 12

N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity i

CVE-2025-8876 CRITICAL
9.4 Aug 14

N-able N-central before 2025.3.1 contains an OS command injection through improper input validation, companion vulnerabi

CVE-2024-28200 CRITICAL POC
9.8 Jul 01

The N-central server is vulnerable to an authentication bypass of the user interface. Rated critical severity (CVSS 9.8)

CVE-2020-15909 HIGH POC
8.8 Oct 19

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access. Rated hig

CVE-2020-7984 HIGH POC
7.5 Jan 26

SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain ad

CVE-2024-5322 CRITICAL
9.1 Jul 01

The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can l

CVE-2020-25618 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25617 HIGH
8.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.8), this vulnerability is remote

CVE-2020-25621 HIGH
8.4 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 8.4), this vulnerability is no aut

CVE-2020-25620 HIGH
7.8 Dec 16

An issue was discovered in SolarWinds N-Central 12.3.0.670. Rated high severity (CVSS 7.8), this vulnerability is low at

CVE-2023-30297 HIGH
7.0 Aug 04

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code v

CVE-2024-8510 MEDIUM
5.3 Mar 17

N-central is vulnerable to a path traversal that allows unintended access to the Apache Tomcat WEB-INF directory. Rated

Share

CVE-2020-25622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy