ID
VAR-202006-0904
CVE
CVE-2020-14445
TITLE
WSO2 Identity Server and IS as Key Manager Cross-site scripting vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2020-007013
DESCRIPTION
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. The vulnerability stems from the lack of correct verification of client data in WEB applications. An attacker can use this vulnerability to execute client code
Trust: 2.16
sources:
NVD: CVE-2020-14445 //
JVNDB: JVNDB-2020-007013 //
CNVD: CNVD-2021-20264
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20264
AFFECTED PRODUCTS
| vendor: | wso2 | model: | identity server as key manager | scope: | lte | version: | 5.9.0 | Trust: 1.0 |
| vendor: | wso2 | model: | identity server | scope: | lte | version: | 5.9.0 | Trust: 1.0 |
| vendor: | wso2 | model: | identity server as key manager | scope: | eq | version: | 5.9.0 | Trust: 0.8 |
| vendor: | wso2 | model: | identity server | scope: | eq | version: | 5.9.0 | Trust: 0.8 |
| vendor: | wso2 | model: | is as key manager | scope: | lte | version: | <=5.9.0 | Trust: 0.6 |
| vendor: | wso2 | model: | is | scope: | lte | version: | <=5.9.0 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20264 //
JVNDB: JVNDB-2020-007013 //
NVD: CVE-2020-14445
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2021-20264 //
JVNDB: JVNDB-2020-007013 //
CNNVD: CNNVD-202006-1272 //
NVD: CVE-2020-14445 //
NVD: CVE-2020-14445
PROBLEMTYPE DATA
| problemtype: | CWE-79 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2020-007013 //
NVD: CVE-2020-14445
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202006-1272
TYPE
XSS
Trust: 0.6
sources:
CNNVD: CNNVD-202006-1272
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-007013
PATCH
| title: | Security Advisory WSO2-2020-0711 | url: | https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711 | Trust: 0.8 |
| title: | Patch for WSO2 Identity Server and WSO2 IS as Key Manager cross-site scripting vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/253746 | Trust: 0.6 |
| title: | WSO2 Identity Server and WSO2 IS as Key Manager Fixes for cross-site scripting vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122018 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20264 //
JVNDB: JVNDB-2020-007013 //
CNNVD: CNNVD-202006-1272
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-14445 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2020-007013 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-20264 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202006-1272 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20264 //
JVNDB: JVNDB-2020-007013 //
CNNVD: CNNVD-202006-1272 //
NVD: CVE-2020-14445
REFERENCES
| url: | https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html | Trust: 1.6 |
| url: | https://docs.wso2.com/display/security/security+advisory+wso2-2020-0711 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-14445 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14445 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-007013 //
CNNVD: CNNVD-202006-1272 //
NVD: CVE-2020-14445
SOURCES
| db: | CNVD | id: | CNVD-2021-20264 |
| db: | JVNDB | id: | JVNDB-2020-007013 |
| db: | CNNVD | id: | CNNVD-202006-1272 |
| db: | NVD | id: | CVE-2020-14445 |
LAST UPDATE DATE
2024-11-23T22:44:33.787000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-20264 | date: | 2021-03-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-007013 | date: | 2020-07-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-1272 | date: | 2020-10-29T00:00:00 |
| db: | NVD | id: | CVE-2020-14445 | date: | 2024-11-21T05:03:17.743 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-20264 | date: | 2021-03-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-007013 | date: | 2020-07-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-1272 | date: | 2020-06-18T00:00:00 |
| db: | NVD | id: | CVE-2020-14445 | date: | 2020-06-18T18:15:11.170 |