Lucene search

[email protected]CVE-2022-39810

HistorySep 09, 2022 - 5:15 p.m.

CVE-2022-39810

2022-09-0917:15:08

CWE-79

[email protected]

web.nvd.nist.gov

286

wso2

enterprise integrator

6.4.0

xss

vulnerability

nvd

cross-site scripting

session hijacking

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.5%

JSON

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible.

Affected configurations

NVD

Node

wso2enterprise_integratorMatch6.4.0

CPENameOperatorVersion
wso2:enterprise_integratorwso2 enterprise integratoreq6.4.0

CPE	Name	Operator	Version
wso2:enterprise_integrator	wso2 enterprise integrator	eq	6.4.0

References

www.gruppotim.it/it/footer/red-team.html

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVE-2022-39810

nvd1 prion1 cvelist1