Sign-up

ID

VAR-202005-0665


CVE

CVE-2020-1941


TITLE

Apache ActiveMQ Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-005358

DESCRIPTION

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. Apache ActiveMQ Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Apache ActiveMQ is a set of open source message middleware of the Apache Software Foundation in the United States. It supports Java message services, clusters, Spring Framework, etc. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.8

sources: NVD: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // VULHUB: VHN-172785 // VULMON: CVE-2020-1941

AFFECTED PRODUCTS

vendor:oraclemodel:communications element managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.0.0

Trust: 1.0

vendor:apachemodel:activemqscope:lteversion:5.15.11

Trust: 1.0

vendor:oraclemodel:flexcube private bankingscope:eqversion:12.1.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:gteversion:8.0.0

Trust: 1.0

vendor:oraclemodel:communications element managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.1.1

Trust: 1.0

vendor:oraclemodel:enterprise repositoryscope:eqversion:11.1.1.7.0

Trust: 1.0

vendor:apachemodel:activemqscope:gteversion:5.0.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.2.0

Trust: 1.0

vendor:oraclemodel:communications session report managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.1

Trust: 1.0

vendor:oraclemodel:communications diameter signaling routerscope:lteversion:8.2.2

Trust: 1.0

vendor:oraclemodel:communications session route managerscope:eqversion:8.2.0

Trust: 1.0

vendor:apachemodel:activemqscope:eqversion:5.0.0 から 5.15.11

Trust: 0.8

vendor:apachemodel:activemqscope:eqversion:5.0.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.1.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.2.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.3.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.3.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.3.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.4.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.4.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.4.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.4.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.5.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.5.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.6.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.7.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.8.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.9.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.9.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.10.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.10.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.10.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.11.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.11.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.11.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.11.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.12.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.12.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.12.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.12.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.4

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.13.5

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.4

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.14.5

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.0

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.1

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.2

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.3

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.4

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.5

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.6

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.7

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.8

Trust: 0.1

vendor:apachemodel:activemqscope:eqversion:5.15.11

Trust: 0.1

sources: VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // NVD: CVE-2020-1941

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1941
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-005358
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202005-790
value: MEDIUM

Trust: 0.6

VULHUB: VHN-172785
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-1941
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1941
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005358
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-172785
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-1941
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-005358
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-172785 // VULMON: CVE-2020-1941 // JVNDB: JVNDB-2020-005358 // CNNVD: CNNVD-202005-790 // NVD: CVE-2020-1941

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-172785 // JVNDB: JVNDB-2020-005358 // NVD: CVE-2020-1941

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-790

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202005-790

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-005358

PATCH
title:CVE-2020-1941 - XSS in WebConsoleurl:http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
Trust: 0.8
title:Apache ActiveMQ Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=118745
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-005358 // 
            
            
            
            CNNVD: CNNVD-202005-790

EXTERNAL IDS
db:NVDid:CVE-2020-1941
Trust: 2.6
db:JVNDBid:JVNDB-2020-005358
Trust: 0.8
db:CNNVDid:CNNVD-202005-790
Trust: 0.7
db:AUSCERTid:ESB-2020.3485
Trust: 0.6
db:NSFOCUSid:48756
Trust: 0.6
db:VULHUBid:VHN-172785
Trust: 0.1
db:VULMONid:CVE-2020-1941
Trust: 0.1
sources:
            
            
            VULHUB: VHN-172785 // 
            
            
            
            VULMON: CVE-2020-1941 // 
            
            
            
            JVNDB: JVNDB-2020-005358 // 
            
            
            
            CNNVD: CNNVD-202005-790 // 
            
            
            
            NVD: CVE-2020-1941

REFERENCES
url:https://www.oracle.com/security-alerts/cpujul2020.html
Trust: 2.3
url:https://www.oracle.com/security-alerts/cpuoct2020.html
Trust: 2.3
url:http://activemq.apache.org/security-advisories.data/cve-2020-1941-announcement.txt
Trust: 1.8
url:https://www.oracle.com//security-alerts/cpujul2021.html
Trust: 1.7
url:https://www.oracle.com/security-alerts/cpuapr2021.html
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-1941
Trust: 1.4
url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3ccommits.activemq.apache.org%3e
Trust: 1.0
url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3ccommits.activemq.apache.org%3e
Trust: 1.0
url:https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3ccommits.activemq.apache.org%3e
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1941
Trust: 0.8
url:https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3ccommits.activemq.apache.org%3e
Trust: 0.7
url:https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3ccommits.activemq.apache.org%3e
Trust: 0.7
url:https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3ccommits.activemq.apache.org%3e
Trust: 0.7
url:http://www.nsfocus.net/vulndb/48756
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-activemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941-3/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-a-vulnerability-in-apache-avtivemq-affects-ibm-operations-analytics-predictive-insights-cve-2020-1941/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941-2/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerability-identified-in-apache-activemq-used-in-cloud-pak-system-cve-2020-1941/
Trust: 0.6
url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-resilient-soar-is-using-components-with-known-vulnerabilities-activemq-camel-5-15-9-jar-cve-2015-5182-cve-2015-5183-cve-2015-5184-cve-2020-1941/
Trust: 0.6
url:https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-july-2020-32829
Trust: 0.6
url:https://vigilance.fr/vulnerability/apache-activemq-cross-site-scripting-via-webconsole-admin-gui-33509
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.3485/
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/79.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181957
Trust: 0.1
sources:
            
            
            VULHUB: VHN-172785 // 
            
            
            
            VULMON: CVE-2020-1941 // 
            
            
            
            JVNDB: JVNDB-2020-005358 // 
            
            
            
            CNNVD: CNNVD-202005-790 // 
            
            
            
            NVD: CVE-2020-1941

SOURCES
db:VULHUBid:VHN-172785
db:VULMONid:CVE-2020-1941
db:JVNDBid:JVNDB-2020-005358
db:CNNVDid:CNNVD-202005-790
db:NVDid:CVE-2020-1941

LAST UPDATE DATE
2024-08-14T12:43:05.040000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-172785date:2022-10-05T00:00:00
db:VULMONid:CVE-2020-1941date:2021-02-10T00:00:00
db:JVNDBid:JVNDB-2020-005358date:2020-06-12T00:00:00
db:CNNVDid:CNNVD-202005-790date:2022-10-08T00:00:00
db:NVDid:CVE-2020-1941date:2023-11-07T03:19:37.307

SOURCES RELEASE DATE
db:VULHUBid:VHN-172785date:2020-05-14T00:00:00
db:VULMONid:CVE-2020-1941date:2020-05-14T00:00:00
db:JVNDBid:JVNDB-2020-005358date:2020-06-12T00:00:00
db:CNNVDid:CNNVD-202005-790date:2020-05-14T00:00:00
db:NVDid:CVE-2020-1941date:2020-05-14T17:15:12.320