Lucene search

[email protected]CVE-2017-14995

HistoryOct 04, 2017 - 1:29 a.m.

CVE-2017-14995

2017-10-0401:29:03

CWE-79

[email protected]

web.nvd.nist.gov

wso2

application server

business process server

business rules server

complex event processor

dashboard server

data analytics server

data services server

machine learner

xss

cve-2017-14995

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS.

Affected configurations

NVD

Node

wso2application_serverMatch5.3.0

wso2business_process_serverMatch3.6.0

wso2business_rules_serverMatch2.2.0

wso2complex_event_processorMatch4.2.0

wso2dashboard_serverMatch2.0.0

wso2data_analytics_serverMatch3.1.0

wso2data_services_serverMatch3.5.1

wso2machine_learnerMatch1.2.0

CPENameOperatorVersion
wso2:application_serverwso2 application servereq5.3.0
wso2:business_process_serverwso2 business process servereq3.6.0
wso2:business_rules_serverwso2 business rules servereq2.2.0
wso2:complex_event_processorwso2 complex event processoreq4.2.0
wso2:dashboard_serverwso2 dashboard servereq2.0.0
wso2:data_analytics_serverwso2 data analytics servereq3.1.0
wso2:data_services_serverwso2 data services servereq3.5.1
wso2:machine_learnerwso2 machine learnereq1.2.0

CPE	Name	Operator	Version
wso2:application_server	wso2 application server	eq	5.3.0
wso2:business_process_server	wso2 business process server	eq	3.6.0
wso2:business_rules_server	wso2 business rules server	eq	2.2.0
wso2:complex_event_processor	wso2 complex event processor	eq	4.2.0
wso2:dashboard_server	wso2 dashboard server	eq	2.0.0
wso2:data_analytics_server	wso2 data analytics server	eq	3.1.0
wso2:data_services_server	wso2 data services server	eq	3.5.1
wso2:machine_learner	wso2 machine learner	eq	1.2.0

References

docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0257

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.5%

JSON

Related for CVE-2017-14995

nvd1 prion1 cvelist1 openvas3