CVE-2020-24705

EPSS 0.4%
Veröffentlicht 27.08.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 05:15:52
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wso2 ≫ Api Manager Version <= 3.1.0

Wso2 ≫ Api Manager Analytics Version2.5.0

Wso2 ≫ Identity Server Version <= 5.10.0

Wso2 ≫ Identity Server Analytics Version <= 5.6.0

Wso2 ≫ Identity Server As Key Manager Version <= 5.10.0

Wso2 ≫ Iot Server Version3.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.576

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
cve@mitre.org	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/WSO2-2020-0718/

https://nvd.nist.gov/vuln/detail/CVE-2020-24705

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-24705

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-24705

EUVD