var-202008-0561
Vulnerability from variot
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. plural WSO2 The product contains unspecified vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There are security vulnerabilities in WSO2 products, which originate from the ability of Carbon management console to send cookie information to attackers. There is a security vulnerability in WSO2 products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0561",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iot server",
"scope": "eq",
"trust": 1.8,
"vendor": "wso2",
"version": "3.3.0"
},
{
"model": "iot server",
"scope": "eq",
"trust": 1.8,
"vendor": "wso2",
"version": "3.3.1"
},
{
"model": "identity server analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "identity server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.8.0"
},
{
"model": "enterprise integrator",
"scope": "lte",
"trust": 1.0,
"vendor": "wso2",
"version": "6.6.0"
},
{
"model": "api manager analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "identity server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "api microgateway",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "data analytics server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "3.2.0"
},
{
"model": "api manager",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "identity server as key manager",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "api manager",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "api manager analytics",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "api microgateway",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "data analytics server",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "enterprise integrator",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server analytics",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server as key manager",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"cve": "CVE-2020-24703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-24703",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-178608",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-24703",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-010579",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24703",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-24703",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-24703",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1347",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-178608",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178608"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. plural WSO2 The product contains unspecified vulnerabilities.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There are security vulnerabilities in WSO2 products, which originate from the ability of Carbon management console to send cookie information to attackers. There is a security vulnerability in WSO2 products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24703"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"db": "VULHUB",
"id": "VHN-178608"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24703",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-178608",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178608"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"id": "VAR-202008-0561",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178608"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:55:05.673000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WSO2-2020-0687",
"trust": 0.8,
"url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0687"
},
{
"title": "WSO2 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127962"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24703"
},
{
"trust": 1.0,
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/wso2-2020-0687/"
},
{
"trust": 0.7,
"url": "https://docs.wso2.com/display/security/security+advisory+wso2-2020-0687"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178608"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-178608"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-178608"
},
{
"date": "2021-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"date": "2020-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"date": "2020-08-27T16:15:11.583000",
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-178608"
},
{
"date": "2021-01-28T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2020-010579"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1347"
},
{
"date": "2024-11-21T05:15:52.450000",
"db": "NVD",
"id": "CVE-2020-24703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WSO2\u00a0 Product vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010579"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1347"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.