8.8
CVE-2020-24705
- EPSS 0.4%
- Published 27.08.2020 16:15:11
- Last modified 21.11.2024 05:15:52
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
Data is provided by the National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version <= 3.1.0
Wso2 ≫ Api Manager Analytics Version2.5.0
Wso2 ≫ Identity Server Version <= 5.10.0
Wso2 ≫ Identity Server Analytics Version <= 5.6.0
Wso2 ≫ Identity Server As Key Manager Version <= 5.10.0
Wso2 ≫ Iot Server Version3.1.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.576 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
| cve@mitre.org | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|