Sign-up

ID

VAR-202008-0545


CVE

CVE-2020-24590


TITLE

WSO2 API Manager and API Microgateway In DTD Vulnerability in improper restriction of recursive entity references in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010363

DESCRIPTION

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. WSO2 API Manager and API Microgateway To DTD There is a vulnerability regarding improper restriction of recursive entity references in.Information is obtained and service operation is interrupted (DoS) It may be put into a state. The following products and versions are affected: Manager from version 3.1.0 onwards and API Microgateway version 2.2.0

Trust: 1.71

sources: NVD: CVE-2020-24590 // JVNDB: JVNDB-2020-010363 // VULHUB: VHN-178484

AFFECTED PRODUCTS

vendor:wso2model:api microgatewayscope:eqversion:2.2.0

Trust: 1.8

vendor:wso2model:api managerscope:lteversion:3.1.0

Trust: 1.0

vendor:wso2model:api managerscope:eqversion:3.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010363 // NVD: CVE-2020-24590

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-24590
value: CRITICAL

Trust: 1.0

cve@mitre.org: CVE-2020-24590
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-010363
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202008-1086
value: CRITICAL

Trust: 0.6

VULHUB: VHN-178484
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-24590
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010363
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-178484
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-24590
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: JVNDB-2020-010363
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-178484 // JVNDB: JVNDB-2020-010363 // CNNVD: CNNVD-202008-1086 // NVD: CVE-2020-24590 // NVD: CVE-2020-24590

PROBLEMTYPE DATA

problemtype:CWE-776

Trust: 1.9

sources: VULHUB: VHN-178484 // JVNDB: JVNDB-2020-010363 // NVD: CVE-2020-24590

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1086

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1086

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010363

PATCH
title:WSO2-2020-0742url:https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-010363

EXTERNAL IDS
db:NVDid:CVE-2020-24590
Trust: 2.5
db:JVNDBid:JVNDB-2020-010363
Trust: 0.8
db:CNNVDid:CNNVD-202008-1086
Trust: 0.7
db:VULHUBid:VHN-178484
Trust: 0.1
sources:
            
            
            VULHUB: VHN-178484 // 
            
            
            
            JVNDB: JVNDB-2020-010363 // 
            
            
            
            CNNVD: CNNVD-202008-1086 // 
            
            
            
            NVD: CVE-2020-24590

REFERENCES
url:https://docs.wso2.com/display/security/security+advisory+wso2-2020-0742
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2020-24590
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-24590
Trust: 0.8
sources:
            
            
            VULHUB: VHN-178484 // 
            
            
            
            JVNDB: JVNDB-2020-010363 // 
            
            
            
            CNNVD: CNNVD-202008-1086 // 
            
            
            
            NVD: CVE-2020-24590

SOURCES
db:VULHUBid:VHN-178484
db:JVNDBid:JVNDB-2020-010363
db:CNNVDid:CNNVD-202008-1086
db:NVDid:CVE-2020-24590

LAST UPDATE DATE
2024-11-23T22:58:10.495000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-178484date:2020-08-27T00:00:00
db:JVNDBid:JVNDB-2020-010363date:2021-01-07T08:30:10
db:CNNVDid:CNNVD-202008-1086date:2020-08-28T00:00:00
db:NVDid:CVE-2020-24590date:2024-11-21T05:15:06.300

SOURCES RELEASE DATE
db:VULHUBid:VHN-178484date:2020-08-21T00:00:00
db:JVNDBid:JVNDB-2020-010363date:2021-01-07T08:30:10
db:CNNVDid:CNNVD-202008-1086date:2020-08-21T00:00:00
db:NVDid:CVE-2020-24590date:2020-08-21T20:15:11.047