CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-13169

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.1470%
EPSS Percentile17.62th
Published2020年9月17日
Last Modified2024年11月21日

Vulnerability Description

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1 on multiple forms and pages. This vulnerability may lead to the Information Disclosure and Escalation of Privileges (takeover of administrator account).

Affected Platforms (CPE)

📦
Solarwinds

Orion Platform

< 2020.2.1

References & Advisories

🔗 https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
🔗 https://support.solarwinds.com/SuccessCenter/s/
🔗 https://documentation.solarwinds.com/en/Success_Center/orionplatform/Content/Release_Notes/Orion_Platform_2020-2-1_release_notes.htm#NewFeaturesOrion
🔗 https://support.solarwinds.com/SuccessCenter/s/

関連する脆弱性情報

CVE-2021-252749.8

The Collector Service in SolarWinds Orion Platform before 2020.2.4 uses MSMQ (Microsoft Message Queue) and doesn't set permissions...

CVE-2020-101489.8

The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. Thi...

CVE-2019-95469.8

SolarWinds Orion Platform before 2018.4 Hotfix 2 allows privilege escalation through the RabbitMQ service.

CVE-2021-272589.8

This vulnerability allows remote attackers to execute escalate privileges on affected installations of SolarWinds Orion Platform 2...