var-202006-0508
Vulnerability from variot
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. (DoS) It may be put into a state. WSO2 API Manager, etc. are all products of the American WSO2 company. WSO2 API Microgateway is a cloud-native and extensible API gateway product. WSO2 IS as Key Manager is a key manager. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0508",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "api microgateway",
"scope": "eq",
"trust": 1.8,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "api manager",
"scope": "lte",
"trust": 1.0,
"vendor": "wso2",
"version": "3.0.0"
},
{
"model": "identity server as key manager",
"scope": "lte",
"trust": 1.0,
"vendor": "wso2",
"version": "5.9.0"
},
{
"model": "identity server as key manager",
"scope": "eq",
"trust": 0.8,
"vendor": "wso2",
"version": "5.9.0"
},
{
"model": "api manager",
"scope": "eq",
"trust": 0.8,
"vendor": "wso2",
"version": "3.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:wso2:identity_server_as_key_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:wso2:api_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:wso2:api_microgateway",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
}
]
},
"cve": "CVE-2020-13883",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2020-13883",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2020-006170",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-166706",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2020-13883",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve@mitre.org",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2020-13883",
"impactScore": 4.2,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-006170",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-13883",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-13883",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2020-006170",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-577",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-166706",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166706"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. (DoS) It may be put into a state. WSO2 API Manager, etc. are all products of the American WSO2 company. WSO2 API Microgateway is a cloud-native and extensible API gateway product. WSO2 IS as Key Manager is a key manager. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-13883"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "VULHUB",
"id": "VHN-166706"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-13883",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-36737",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-166706",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166706"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"id": "VAR-202006-0508",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-166706"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:25:26.536000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WSO2-2020-0727",
"trust": 0.8,
"url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727"
},
{
"title": "WSO2 API Manager and WSO2 API Microgateway , WSO2 IS as Key Manager Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=120674"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166706"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://docs.wso2.com/display/security/security+advisory+wso2-2020-0727"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13883"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-13883"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-166706"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-166706"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-166706"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"date": "2020-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"date": "2020-06-06T19:15:09.690000",
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-166706"
},
{
"date": "2020-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-006170"
},
{
"date": "2020-06-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-577"
},
{
"date": "2024-11-21T05:02:04.300000",
"db": "NVD",
"id": "CVE-2020-13883"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WSO2 In the product XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-006170"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-577"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.