Lucene search

[email protected]CVE-2022-29548

HistoryApr 21, 2022 - 2:15 a.m.

CVE-2022-29548

2022-04-2102:15:06

CWE-79

[email protected]

web.nvd.nist.gov

690

cve-2022-29548

reflected xss

wso2

api manager

api manager analytics

api microgateway

data analytics server

enterprise integrator

identity server

identity server analytics

wso2 micro integrator

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

AI Score

Confidence

High

0.037 Low

EPSS

Percentile

91.9%

JSON

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.

Affected configurations

NVD

Node

wso2api_managerMatch2.2.0

wso2api_managerMatch2.5.0

wso2api_managerMatch2.6.0

wso2api_managerMatch3.0.0

wso2api_managerMatch3.1.0

wso2api_managerMatch3.2.0

wso2api_managerMatch4.0.0

wso2api_manager_analyticsMatch2.2.0

wso2api_manager_analyticsMatch2.5.0

wso2api_manager_analyticsMatch2.6.0

wso2api_microgatewayMatch2.2.0

wso2data_analytics_serverMatch3.2.0

wso2enterprise_integratorMatch6.2.0

wso2enterprise_integratorMatch6.3.0

wso2enterprise_integratorMatch6.4.0

wso2enterprise_integratorMatch6.5.0

wso2enterprise_integratorMatch6.6.0

wso2identity_serverMatch5.5.0

wso2identity_serverMatch5.6.0

wso2identity_serverMatch5.7.0

wso2identity_serverMatch5.9.0

wso2identity_serverMatch5.10.0

wso2identity_serverMatch5.11.0

wso2identity_server_analyticsMatch5.5.0

wso2identity_server_analyticsMatch5.6.0

wso2identity_server_as_key_managerMatch5.5.0

wso2identity_server_as_key_managerMatch5.6.0

wso2identity_server_as_key_managerMatch5.7.0

wso2identity_server_as_key_managerMatch5.9.0

wso2identity_server_as_key_managerMatch5.10.0

wso2micro_integratorMatch1.0.0

CPENameOperatorVersion
wso2:api_managerwso2 api managereq2.2.0
wso2:api_managerwso2 api managereq2.5.0
wso2:api_managerwso2 api managereq2.6.0
wso2:api_managerwso2 api managereq3.0.0
wso2:api_managerwso2 api managereq3.1.0
wso2:api_managerwso2 api managereq3.2.0
wso2:api_managerwso2 api managereq4.0.0
wso2:api_manager_analyticswso2 api manager analyticseq2.2.0
wso2:api_manager_analyticswso2 api manager analyticseq2.5.0
wso2:api_manager_analyticswso2 api manager analyticseq2.6.0

CPE	Name	Operator	Version
wso2:api_manager	wso2 api manager	eq	2.2.0
wso2:api_manager	wso2 api manager	eq	2.5.0
wso2:api_manager	wso2 api manager	eq	2.6.0
wso2:api_manager	wso2 api manager	eq	3.0.0
wso2:api_manager	wso2 api manager	eq	3.1.0
wso2:api_manager	wso2 api manager	eq	3.2.0
wso2:api_manager	wso2 api manager	eq	4.0.0
wso2:api_manager_analytics	wso2 api manager analytics	eq	2.2.0
wso2:api_manager_analytics	wso2 api manager analytics	eq	2.5.0
wso2:api_manager_analytics	wso2 api manager analytics	eq	2.6.0