CVE-2020-24703

EPSS 0.4%
Veröffentlicht 27.08.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:15:52
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wso2 ≫ Api Manager Version2.2.0

Wso2 ≫ Api Manager Analytics Version2.2.0

Wso2 ≫ Api Microgateway Version2.2.0

Wso2 ≫ Data Analytics Server Version3.2.0

Wso2 ≫ Enterprise Integrator Version <= 6.6.0

Wso2 ≫ Identity Server Version5.5.0

Wso2 ≫ Identity Server Version5.8.0

Wso2 ≫ Identity Server Analytics Version5.5.0

Wso2 ≫ Identity Server As Key Manager Version5.5.0

Wso2 ≫ Iot Server Version3.3.0

Wso2 ≫ Iot Server Version3.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.576

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0687/

https://nvd.nist.gov/vuln/detail/CVE-2020-24703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24703

EUVD