CVE-2020-24703

EPSS 0.4%
Published 27.08.2020 16:15:11
Last modified 21.11.2024 05:15:52
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.

Affected products Warnungen 0 Metrics 4 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Api Manager Version2.2.0

Wso2 ≫ Api Manager Analytics Version2.2.0

Wso2 ≫ Api Microgateway Version2.2.0

Wso2 ≫ Data Analytics Server Version3.2.0

Wso2 ≫ Enterprise Integrator Version <= 6.6.0

Wso2 ≫ Identity Server Version5.5.0

Wso2 ≫ Identity Server Version5.8.0

Wso2 ≫ Identity Server Analytics Version5.5.0

Wso2 ≫ Identity Server As Key Manager Version5.5.0

Wso2 ≫ Iot Server Version3.3.0

Wso2 ≫ Iot Server Version3.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.4%	0.576

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0687/

https://nvd.nist.gov/vuln/detail/CVE-2020-24703

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24703

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24703

EUVD