Open Redirect Vulnerability in WSO2 Identity Server and Key Manager
CVE-2020-14446

6.1 MEDIUM

Key Information:

Vendor: WSO2
CVE Published: 18 June 2020

What is CVE-2020-14446?

An open redirect vulnerability was identified in WSO2 Identity Server and WSO2 IS as Key Manager up to version 5.10.0. The flaw lets an attacker manipulate URL redirects so that users are potentially led to malicious sites, a risk that can be exploited for phishing or unauthorized access. Organizations using these WSO2 products should address the issue to maintain the integrity of their applications and safeguard user data.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
