Lucene search

[email protected]NVD:CVE-2022-29548

HistoryApr 21, 2022 - 2:15 a.m.

CVE-2022-29548

2022-04-2102:15:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-29548

reflected xss

wso2 products

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.046

Percentile

92.7%

JSON

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.

Affected configurations

Nvd

Node

wso2api_managerMatch2.2.0

wso2api_managerMatch2.5.0

wso2api_managerMatch2.6.0

wso2api_managerMatch3.0.0

wso2api_managerMatch3.1.0

wso2api_managerMatch3.2.0

wso2api_managerMatch4.0.0

wso2api_manager_analyticsMatch2.2.0

wso2api_manager_analyticsMatch2.5.0

wso2api_manager_analyticsMatch2.6.0

wso2api_microgatewayMatch2.2.0

wso2data_analytics_serverMatch3.2.0

wso2enterprise_integratorMatch6.2.0

wso2enterprise_integratorMatch6.3.0

wso2enterprise_integratorMatch6.4.0

wso2enterprise_integratorMatch6.5.0

wso2enterprise_integratorMatch6.6.0

wso2identity_serverMatch5.5.0

wso2identity_serverMatch5.6.0

wso2identity_serverMatch5.7.0

wso2identity_serverMatch5.9.0

wso2identity_serverMatch5.10.0

wso2identity_serverMatch5.11.0

wso2identity_server_analyticsMatch5.5.0

wso2identity_server_analyticsMatch5.6.0

wso2identity_server_as_key_managerMatch5.5.0

wso2identity_server_as_key_managerMatch5.6.0

wso2identity_server_as_key_managerMatch5.7.0

wso2identity_server_as_key_managerMatch5.9.0

wso2identity_server_as_key_managerMatch5.10.0

wso2micro_integratorMatch1.0.0

VendorProductVersionCPE
wso2api_manager2.2.0cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*
wso2api_manager2.5.0cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*
wso2api_manager2.6.0cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*
wso2api_manager3.0.0cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*
wso2api_manager3.1.0cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*
wso2api_manager3.2.0cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*
wso2api_manager4.0.0cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*
wso2api_manager_analytics2.2.0cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*
wso2api_manager_analytics2.5.0cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*
wso2api_manager_analytics2.6.0cpe:2.3:a:wso2:api_manager_analytics:2.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wso2	api_manager	2.2.0	cpe:2.3:a:wso2:api_manager:2.2.0:::::::*
wso2	api_manager	2.5.0	cpe:2.3:a:wso2:api_manager:2.5.0:::::::*
wso2	api_manager	2.6.0	cpe:2.3:a:wso2:api_manager:2.6.0:::::::*
wso2	api_manager	3.0.0	cpe:2.3:a:wso2:api_manager:3.0.0:::::::*
wso2	api_manager	3.1.0	cpe:2.3:a:wso2:api_manager:3.1.0:::::::*
wso2	api_manager	3.2.0	cpe:2.3:a:wso2:api_manager:3.2.0:::::::*
wso2	api_manager	4.0.0	cpe:2.3:a:wso2:api_manager:4.0.0:::::::*
wso2	api_manager_analytics	2.2.0	cpe:2.3:a:wso2:api_manager_analytics:2.2.0:::::::*
wso2	api_manager_analytics	2.5.0	cpe:2.3:a:wso2:api_manager_analytics:2.5.0:::::::*
wso2	api_manager_analytics	2.6.0	cpe:2.3:a:wso2:api_manager_analytics:2.6.0:::::::*