Lucene search

[email protected]NVD:CVE-2020-14519

HistorySep 16, 2020 - 8:15 p.m.

CVE-2020-14519

2020-09-1620:15:13

CWE-346

[email protected]

web.nvd.nist.gov

vulnerability

websockets api

unauthorized access

codemeter

cve-2020-14519

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.6%

JSON

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

Affected configurations

Nvd

Node

wibucodemeterRange<7.00

VendorProductVersionCPE
wibucodemeter*cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wibu	codemeter	*	cpe:2.3:a:wibu:codemeter::::::::

References

us-cert.cisa.gov/ics/advisories/icsa-20-203-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

34.6%

JSON

Related for NVD:CVE-2020-14519

cve2 prion2 cvelist2 nessus2 nvd1 ics1 threatpost1