Vulnerabilites related to SolarWinds - Network Performance Monitor
CVE-2021-31474 (GCVE-0-2021-31474)
Vulnerability from cvelistv5
Published
2021-05-21 14:40
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-21-602/ | x_refsource_MISC | |
| https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2020-2-5_release_notes.htm | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Network Performance Monitor |
Version: 2020.2.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:32.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-602/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2020-2-5_release_notes.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Performance Monitor",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2020.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-21T14:40:15",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-602/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2020-2-5_release_notes.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-31474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Performance Monitor",
"version": {
"version_data": [
{
"version_value": "2020.2.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor 2020.2.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SolarWinds.Serialization library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-12213."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-602/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-602/"
},
{
"name": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2020-2-5_release_notes.htm",
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2020-2-5_release_notes.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-31474",
"datePublished": "2021-05-21T14:40:15",
"dateReserved": "2021-04-16T00:00:00",
"dateUpdated": "2024-08-03T23:03:32.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27869 (GCVE-0-2020-27869)
Vulnerability from cvelistv5
Published
2021-02-11 23:35
Modified
2024-08-04 16:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-21-064/ | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SolarWinds | Network Performance Monitor |
Version: 2020 HF1, NPM: 2020.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:25:43.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-064/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Network Performance Monitor",
"vendor": "SolarWinds",
"versions": [
{
"status": "affected",
"version": "2020 HF1, NPM: 2020.2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-12T14:00:19",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-064/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2020-27869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Network Performance Monitor",
"version": {
"version_data": [
{
"version_value": "2020 HF1, NPM: 2020.2"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": "Anonymous",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to escalate privileges on affected installations of SolarWinds Network Performance Monitor 2020 HF1, NPM: 2020.2. Authentication is required to exploit this vulnerability. The specific flaw exists within the WriteToFile method. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges and reset the password for the Admin user. Was ZDI-CAN-11804."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-064/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-064/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2020-27869",
"datePublished": "2021-02-11T23:35:42",
"dateReserved": "2020-10-27T00:00:00",
"dateUpdated": "2024-08-04T16:25:43.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202006-0485
Vulnerability from variot
Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. (DoS) It may be put into a state. Authentication is required to exploit this vulnerability.The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of system. SolarWinds Orion Platform is a set of network fault and network performance management platform of SolarWinds in the United States. The platform can provide real-time monitoring and analysis of network equipment, and supports customized web interface, multiple user opinions, and map browsing of the entire network
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "orion web performance monitor",
"scope": "eq",
"trust": 1.8,
"vendor": "solarwinds",
"version": "2019.4.1"
},
{
"_id": null,
"model": "network performance monitor",
"scope": null,
"trust": 1.4,
"vendor": "solarwinds",
"version": null
},
{
"_id": null,
"model": "orion network performance monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "solarwinds",
"version": "2019.4"
},
{
"_id": null,
"model": "orion network performance monitor",
"scope": "eq",
"trust": 0.8,
"vendor": "solarwinds",
"version": "2019.4 hf2"
},
{
"_id": null,
"model": "orion platform hf4 or npm",
"scope": "eq",
"trust": 0.6,
"vendor": "solarwinds",
"version": "2019.4"
},
{
"_id": null,
"model": "orion web console wpm",
"scope": "eq",
"trust": 0.6,
"vendor": "solarwinds",
"version": "2019.4.1"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-065"
},
{
"db": "ZDI",
"id": "ZDI-21-063"
},
{
"db": "CNVD",
"id": "CNVD-2021-24892"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
},
{
"db": "NVD",
"id": "CVE-2020-14005"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:solarwinds:orion_network_performance_monitor",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:solarwinds:orion_web_performance_monitor",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
}
]
},
"credits": {
"_id": null,
"data": "Piotr Bazydlo (@chudypb)",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-065"
},
{
"db": "ZDI",
"id": "ZDI-21-063"
}
],
"trust": 1.4
},
"cve": "CVE-2020-14005",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-14005",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-007386",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-24892",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-14005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.4,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-14005",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-007386",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "ZDI",
"id": "CVE-2020-14005",
"trust": 1.4,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2020-14005",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2020-007386",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2021-24892",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1672",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-065"
},
{
"db": "ZDI",
"id": "ZDI-21-063"
},
{
"db": "CNVD",
"id": "CNVD-2021-24892"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1672"
},
{
"db": "NVD",
"id": "CVE-2020-14005"
}
]
},
"description": {
"_id": null,
"data": "Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. (DoS) It may be put into a state. Authentication is required to exploit this vulnerability.The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of system. SolarWinds Orion Platform is a set of network fault and network performance management platform of SolarWinds in the United States. The platform can provide real-time monitoring and analysis of network equipment, and supports customized web interface, multiple user opinions, and map browsing of the entire network",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14005"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
},
{
"db": "ZDI",
"id": "ZDI-21-065"
},
{
"db": "ZDI",
"id": "ZDI-21-063"
},
{
"db": "CNVD",
"id": "CNVD-2021-24892"
}
],
"trust": 3.42
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-14005",
"trust": 4.4
},
{
"db": "ZDI",
"id": "ZDI-21-065",
"trust": 2.3
},
{
"db": "ZDI",
"id": "ZDI-21-063",
"trust": 2.3
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11859",
"trust": 0.7
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-11858",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-24892",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "48640",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1672",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-065"
},
{
"db": "ZDI",
"id": "ZDI-21-063"
},
{
"db": "CNVD",
"id": "CNVD-2021-24892"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1672"
},
{
"db": "NVD",
"id": "CVE-2020-14005"
}
]
},
"id": "VAR-202006-0485",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24892"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24892"
}
]
},
"last_update_date": "2024-11-23T22:47:59.291000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.solarwinds.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14005"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "https://gist.github.com/alert3/c9dcce5474e55f408c93c086c30cdbb7"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14005"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-063/"
},
{
"trust": 1.6,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-065/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14005"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/48640"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-24892"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1672"
},
{
"db": "NVD",
"id": "CVE-2020-14005"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-21-065",
"ident": null
},
{
"db": "ZDI",
"id": "ZDI-21-063",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2021-24892",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007386",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1672",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-14005",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2021-09-20T00:00:00",
"db": "ZDI",
"id": "ZDI-21-065",
"ident": null
},
{
"date": "2021-09-20T00:00:00",
"db": "ZDI",
"id": "ZDI-21-063",
"ident": null
},
{
"date": "2021-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-24892",
"ident": null
},
{
"date": "2020-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007386",
"ident": null
},
{
"date": "2020-06-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1672",
"ident": null
},
{
"date": "2020-06-24T14:15:12.037000",
"db": "NVD",
"id": "CVE-2020-14005",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2022-05-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-065",
"ident": null
},
{
"date": "2022-05-26T00:00:00",
"db": "ZDI",
"id": "ZDI-21-063",
"ident": null
},
{
"date": "2021-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-24892",
"ident": null
},
{
"date": "2020-08-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007386",
"ident": null
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1672",
"ident": null
},
{
"date": "2024-11-21T05:02:20.037000",
"db": "NVD",
"id": "CVE-2020-14005",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1672"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Solarwinds Orion Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007386"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1672"
}
],
"trust": 0.6
}
}