Lucene search

MitreCVE-2020-24704

HistoryAug 27, 2020 - 4:15 p.m.

CVE-2020-24704

2020-08-2716:15:11

CWE-79

mitre

web.nvd.nist.gov

wso2

security

cve

reflected xss

api manager

analytics

microgateway

data analytics

enterprise integrator

identity server

iot server

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.8%

JSON

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.

Affected configurations

Nvd

Node

wso2api_managerMatch2.2.0

wso2api_manager_analyticsMatch2.2.0

wso2api_microgatewayMatch2.2.0

wso2data_analytics_serverMatch3.2.0

wso2enterprise_integratorRange≤6.6.0

wso2identity_serverMatch5.5.0

wso2identity_serverMatch5.8.0

wso2identity_server_analyticsMatch5.5.0

wso2identity_server_as_key_managerMatch5.5.0

wso2iot_serverMatch3.3.0

wso2iot_serverMatch3.3.1

VendorProductVersionCPE
wso2api_manager2.2.0cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*
wso2api_manager_analytics2.2.0cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*
wso2api_microgateway2.2.0cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*
wso2data_analytics_server3.2.0cpe:2.3:a:wso2:data_analytics_server:3.2.0:*:*:*:*:*:*:*
wso2enterprise_integrator*cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*
wso2identity_server5.5.0cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*
wso2identity_server5.8.0cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*
wso2identity_server_analytics5.5.0cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*
wso2identity_server_as_key_manager5.5.0cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*
wso2iot_server3.3.0cpe:2.3:a:wso2:iot_server:3.3.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wso2	api_manager	2.2.0	cpe:2.3:a:wso2:api_manager:2.2.0:::::::*
wso2	api_manager_analytics	2.2.0	cpe:2.3:a:wso2:api_manager_analytics:2.2.0:::::::*
wso2	api_microgateway	2.2.0	cpe:2.3:a:wso2:api_microgateway:2.2.0:::::::*
wso2	data_analytics_server	3.2.0	cpe:2.3:a:wso2:data_analytics_server:3.2.0:::::::*
wso2	enterprise_integrator	*	cpe:2.3:a:wso2:enterprise_integrator::::::::
wso2	identity_server	5.5.0	cpe:2.3:a:wso2:identity_server:5.5.0:::::::*
wso2	identity_server	5.8.0	cpe:2.3:a:wso2:identity_server:5.8.0:::::::*
wso2	identity_server_analytics	5.5.0	cpe:2.3:a:wso2:identity_server_analytics:5.5.0:::::::*
wso2	identity_server_as_key_manager	5.5.0	cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:::::::*
wso2	iot_server	3.3.0	cpe:2.3:a:wso2:iot_server:3.3.0:::::::*

Rows per page:

1-10 of 111

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0685/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

33.8%

JSON

Related for CVE-2020-24704