CVE-2019-20436 - OpenCVE

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wso2	Identity Server Api Manager

Configuration 1 [-]

OR	cpe:2.3:a:wso2:api_manager:2.6.0:::::::*
	cpe:2.3:a:wso2:identity_server:5.7.0:::::::*
	cpe:2.3:a:wso2:identity_server:5.8.0:::::::*

References

Link	Resource
https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html	Exploit Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634	Vendor Advisory
https://github.com/cybersecurityworks/Disclosed/issues/19	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T23:36:25

Updated: 2020-10-29T20:05:03

Reserved: 2020-01-27T00:00:00

Link: CVE-2019-20436

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-28T01:15:11.957

Modified: 2022-11-10T04:50:10.437

Link: CVE-2019-20436

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-29T20:05:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/cybersecurityworks/Disclosed/issues/19"}, {"tags": ["x_refsource_MISC"], "url": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-20436", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634", "refsource": "MISC", "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634"}, {"name": "https://github.com/cybersecurityworks/Disclosed/issues/19", "refsource": "MISC", "url": "https://github.com/cybersecurityworks/Disclosed/issues/19"}, {"name": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html", "refsource": "MISC", "url": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-20436", "datePublished": "2020-01-27T23:36:25", "dateReserved": "2020-01-27T00:00:00", "dateUpdated": "2020-10-29T20:05:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC168B6A-B15A-4C3B-A38D-C0B65F24F333", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "60781FE4-38A3-4FEA-9D8B-CADE4B535974", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "2B169832-A746-49A6-8E92-06624AA9B13A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects."}, {"lang": "es", "value": "Se detect\u00f3 un problema en WSO2 API Manager versi\u00f3n 2.6.0, WSO2 IS as Key Manager versi\u00f3n 5.7.0 y WSO2 Identity Server versi\u00f3n 5.8.0. Si se presenta un dialecto de reclamo configurado con una carga \u00fatil XSS en el URI de dialecto, y un usuario recoge el URI de este dialecto y lo agrega como el dialecto de reclamo del proveedor de servicios mientras configura el proveedor de servicios, esa carga es ejecutada. El atacante tambi\u00e9n necesita contar con privilegios para iniciar sesi\u00f3n en la consola de administraci\u00f3n y para agregar y configurar dialectos de reclamo."}], "id": "CVE-2019-20436", "lastModified": "2022-11-10T04:50:10.437", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-28T01:15:11.957", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cybersecurityworks.com/zerodays/cve-2019-20436-wso2.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cybersecurityworks/Disclosed/issues/19"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}