Reflected Cross-Site Scripting in WSO2 Identity Server and Key Manager
CVE-2020-14445

4.4MEDIUM

Key Information:

Vendor

Wso2

Status
Identity Server
Identity Server As Key Manager
Vendor
CVE Published:
18 June 2020

What is CVE-2020-14445?

A reflected Cross-Site Scripting (XSS) vulnerability has been found in the Management Console Basic Policy Editor of WSO2 Identity Server and WSO2 IS as Key Manager. This issue affects versions up to 5.9.0, allowing attackers to exploit the Management Console interface, potentially leading to unauthorized access or manipulation of user data. Users are advised to apply the necessary patches and follow best security practices to mitigate risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://docs.wso2.com/display/Security/Security+Advisory+...
x_refsource_CONFIRM
https://cybersecurityworks.com/zerodays/cve-2020-14445-ws...
x_refsource_MISC

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.