CVE-2020-14445 - OpenCVE

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Wso2	Identity Server As Key Manager Identity Server

Configuration 1 [-]

OR	cpe:2.3:a:wso2:identity_server::::::::
	cpe:2.3:a:wso2:identity_server_as_key_manager::::::::

References

Link	Resource
https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html	Exploit Third Party Advisory
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-06-18T17:47:40

Updated: 2020-10-28T19:29:12

Reserved: 2020-06-18T00:00:00

Link: CVE-2020-14445

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-06-18T18:15:11.170

Modified: 2022-11-16T03:57:00.247

Link: CVE-2020-14445

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-28T19:29:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711"}, {"tags": ["x_refsource_MISC"], "url": "https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-14445", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711", "refsource": "CONFIRM", "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711"}, {"name": "https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html", "refsource": "MISC", "url": "https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-14445", "datePublished": "2020-06-18T17:47:40", "dateReserved": "2020-06-18T00:00:00", "dateUpdated": "2020-10-28T19:29:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7BA1880-6A40-457D-8FF3-2C1658398F98", "versionEndIncluding": "5.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "417D475B-B552-4923-855E-B6DEDD609C86", "versionEndIncluding": "5.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface."}, {"lang": "es", "value": "Se detect\u00f3 un problema en WSO2 Identity Server versiones hasta 5.9.0 y WSO2 IS como Key Manager versiones hasta 5.9.0. Se ha identificado una potencial vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en la interfaz de usuario Management Console Basic Policy Editor"}], "id": "CVE-2020-14445", "lastModified": "2022-11-16T03:57:00.247", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "cve@mitre.org", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-18T18:15:11.170", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}