var-202008-0562
Vulnerability from variot
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. plural WSO2 The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. There is a cross-site scripting vulnerability in WSO2 products, which is caused by the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0562",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "iot server",
"scope": "eq",
"trust": 1.8,
"vendor": "wso2",
"version": "3.3.0"
},
{
"model": "iot server",
"scope": "eq",
"trust": 1.8,
"vendor": "wso2",
"version": "3.3.1"
},
{
"model": "identity server analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "identity server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.8.0"
},
{
"model": "enterprise integrator",
"scope": "lte",
"trust": 1.0,
"vendor": "wso2",
"version": "6.6.0"
},
{
"model": "api manager analytics",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "identity server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "api microgateway",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "data analytics server",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "3.2.0"
},
{
"model": "api manager",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "2.2.0"
},
{
"model": "identity server as key manager",
"scope": "eq",
"trust": 1.0,
"vendor": "wso2",
"version": "5.5.0"
},
{
"model": "api manager",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "api manager analytics",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "api microgateway",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "data analytics server",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "enterprise integrator",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server analytics",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
},
{
"model": "identity server as key manager",
"scope": null,
"trust": 0.8,
"vendor": "wso2",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"cve": "CVE-2020-24704",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-24704",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-178609",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2020-24704",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-010580",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-24704",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "cve@mitre.org",
"id": "CVE-2020-24704",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-24704",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202008-1348",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-178609",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. plural WSO2 The product contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. There is a cross-site scripting vulnerability in WSO2 products, which is caused by the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-24704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"db": "VULHUB",
"id": "VHN-178609"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-24704",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-178609",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"id": "VAR-202008-0562",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-178609"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:11:18.654000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WSO2-2020-0685",
"trust": 0.8,
"url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0685"
},
{
"title": "WSO2 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127963"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24704"
},
{
"trust": 1.0,
"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2020/wso2-2020-0685/"
},
{
"trust": 0.7,
"url": "https://docs.wso2.com/display/security/security+advisory+wso2-2020-0685"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-178609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-178609"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-178609"
},
{
"date": "2021-01-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"date": "2020-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"date": "2020-08-27T16:15:11.677000",
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-178609"
},
{
"date": "2021-01-28T07:56:00",
"db": "JVNDB",
"id": "JVNDB-2020-010580"
},
{
"date": "2021-01-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202008-1348"
},
{
"date": "2024-11-21T05:15:52.603000",
"db": "NVD",
"id": "CVE-2020-24704"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural \u00a0WSO2\u00a0 Cross-site scripting vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-010580"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202008-1348"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…