CVE-2020-24706

Description

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Related CPE's

awso2identity_server_analytics********

awso2identity_server_as_key_manager********

awso2identity_server********

awso2api_manager********

awso2api_manager_analytics2.5.0*******

awso2iot_server3.1.0*******

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0718

Vendor Advisory

CvssV3 impact

BaseSeverity

MEDIUM

ConfidentialityImpact

LOW

AttackComplexity

LOW

Scope

CHANGED

AttackVector

NETWORK

AvailabilityImpact

NONE

IntegrityImpact

LOW

PrivilegesRequired

NONE

BaseScore

6.1

VectorString

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Version

3.1

UserInteraction

REQUIRED

CvssV2 impact

AccessComplexity

MEDIUM

ConfidentialityImpact

NONE

AvailabilityImpact

NONE

IntegrityImpact

PARTIAL

BaseScore

4.300000190734863

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

Version

2.0

AccessVector

NETWORK

Authentication

NONE

Created by Yello
About Severity.io