CVE-2020-14519

EPSS 0.12%
Published 16.09.2020 20:15:13
Last modified 21.11.2024 05:03:26
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Wibu ≫ Codemeter Version < 7.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.12%	0.318

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-14519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-14519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-14519

EUVD