CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47132
https://notcve.org/view.php?id=CVE-2023-47132
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. Un problema descubierto en N-able N-central antes de 2023.6 y anteriores permite a los atacantes obtener privilegios elevados a través de llamadas API. • https://me.n-able.com/s/security-advisory/aArHs000000M8CHKA0/cve202347132-ncentral-api-privilege-escalation • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30297
https://notcve.org/view.php?id=CVE-2023-30297
An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. Un problema encontrado en N-central Server de N-able Technologies para versiones anteriores a 2023.4 permite a un atacante local ejecutar código arbitrario a través de la función de monitorización del servidor. • https://status.n-able.com/2023/07/27/cve-2023-30297-release-note https://www.n-able.com •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25622
https://notcve.org/view.php?id=CVE-2020-25622
An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows CSRF. Se detectó un problema en SolarWinds N-Central versión 12.3.0.670. El endpoint HTTP AdvancedScripts permite un ataque de tipo CSRF • https://ernw.de/en/publications.html https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central https://support.solarwinds.com/SuccessCenter/s • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25621
https://notcve.org/view.php?id=CVE-2020-25621
An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require authentication: security is only based on ability to access a network interface. The database has keys and passwords. Se detectó un problema en SolarWinds N-Central versión 12.3.0.670. La base de datos local no requiere autenticación: la seguridad solo es basada en la capacidad de acceder a una interfaz de red. • https://ernw.de/en/publications.html https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central https://support.solarwinds.com/SuccessCenter/s • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25620
https://notcve.org/view.php?id=CVE-2020-25620
An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default for local user accounts named support@n-able.com and nableadmin@n-able.com. These allow logins to the N-Central Administrative Console (NAC) and/or the regular web interface. Se detectó un problema en SolarWinds N-Central versión 12.3.0.670. Se presentan Credenciales Embebidas por defecto para las cuentas de usuario locales denominadas support@n-able.com y nableadmin@n-able.com. • https://ernw.de/en/publications.html https://insinuator.net/2020/12/security-advisories-for-solarwinds-n-central https://support.solarwinds.com/SuccessCenter/s • CWE-798: Use of Hard-coded Credentials •