ID

VAR-202006-0903


CVE

CVE-2020-14444


TITLE

Cross-site scripting vulnerability in WSO2 Identity Server and IS as Key Manager

Trust: 0.8

sources: JVNDB: JVNDB-2020-007012

DESCRIPTION

An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. The vulnerability stems from the web application's failure to correctly validate client-supplied data. An attacker can use this vulnerability to execute client-side code.

Trust: 2.25

sources: NVD: CVE-2020-14444 // JVNDB: JVNDB-2020-007012 // CNVD: CNVD-2021-20263 // VULMON: CVE-2020-14444

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-20263

AFFECTED PRODUCTS

vendor: wso2, model: identity server as key manager, scope: lte, version: 5.9.0

Trust: 1.0

vendor: wso2, model: identity server, scope: lte, version: 5.9.0

Trust: 1.0

vendor: wso2, model: identity server as key manager, scope: eq, version: 5.9.0

Trust: 0.8

vendor: wso2, model: identity server, scope: eq, version: 5.9.0

Trust: 0.8

vendor: wso2, model: is as key manager, scope: lte, version: <=5.9.0

Trust: 0.6

vendor: wso2, model: identity server, scope: lte, version: <=5.9.0

Trust: 0.6

sources: CNVD: CNVD-2021-20263 // JVNDB: JVNDB-2020-007012 // NVD: CVE-2020-14444

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14444
value: MEDIUM

Trust: 1.0

cve@mitre.org: CVE-2020-14444
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-007012
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2021-20263
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1271
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-14444
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-14444
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-007012
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-20263
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-14444
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-14444
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-007012
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-20263 // VULMON: CVE-2020-14444 // JVNDB: JVNDB-2020-007012 // CNNVD: CNNVD-202006-1271 // NVD: CVE-2020-14444 // NVD: CVE-2020-14444

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2020-007012 // NVD: CVE-2020-14444

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1271

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1271

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-007012

PATCH

title: Security Advisory WSO2-2020-0707, url: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707

Trust: 0.8

title: Patch for WSO2 Identity Server and IS as Key Manager cross-site scripting vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/253741

Trust: 0.6

title: WSO2 Identity Server and IS as Key Manager Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122017

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2020-14444

Trust: 0.1

sources: CNVD: CNVD-2021-20263 // VULMON: CVE-2020-14444 // JVNDB: JVNDB-2020-007012 // CNNVD: CNNVD-202006-1271

EXTERNAL IDS

db: NVD, id: CVE-2020-14444

Trust: 3.1

db: JVNDB, id: JVNDB-2020-007012

Trust: 0.8

db: CNVD, id: CNVD-2021-20263

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1271

Trust: 0.6

db: VULMON, id: CVE-2020-14444

Trust: 0.1

sources: CNVD: CNVD-2021-20263 // VULMON: CVE-2020-14444 // JVNDB: JVNDB-2020-007012 // CNNVD: CNNVD-202006-1271 // NVD: CVE-2020-14444

REFERENCES

url: https://docs.wso2.com/display/security/security+advisory+wso2-2020-0707

Trust: 1.7

url: https://cybersecurityworks.com/zerodays/cve-2020-14444-wso2.html

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2020-14444

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14444

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://github.com/live-hack-cve/cve-2020-14444

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2020-14444 // JVNDB: JVNDB-2020-007012 // CNNVD: CNNVD-202006-1271 // NVD: CVE-2020-14444

SOURCES

db: CNVD, id: CNVD-2021-20263
db: VULMON, id: CVE-2020-14444
db: JVNDB, id: JVNDB-2020-007012
db: CNNVD, id: CNNVD-202006-1271
db: NVD, id: CVE-2020-14444

LAST UPDATE DATE

2024-11-23T23:11:24.678000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2021-20263, date: 2021-03-23T00:00:00
db: VULMON, id: CVE-2020-14444, date: 2022-11-16T00:00:00
db: JVNDB, id: JVNDB-2020-007012, date: 2020-07-29T00:00:00
db: CNNVD, id: CNNVD-202006-1271, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-14444, date: 2024-11-21T05:03:17.577

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2021-20263, date: 2021-03-18T00:00:00
db: VULMON, id: CVE-2020-14444, date: 2020-06-18T00:00:00
db: JVNDB, id: JVNDB-2020-007012, date: 2020-07-29T00:00:00
db: CNNVD, id: CNNVD-202006-1271, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2020-14444, date: 2020-06-18T18:15:11.107