Session Hijacking Vulnerability in WSO2 API Manager and Identity Server
CVE-2020-24705
What is CVE-2020-24705?
A security issue has been identified in various WSO2 products that allows an attacker to hijack a legitimate user session. If a legitimate user submits a specially crafted 'Try It' request, their Carbon Management Console session cookie may inadvertently be sent to a server controlled by the attacker. This vulnerability primarily affects WSO2 API Manager (up to version 3.1.0), WSO2 API Manager Analytics (up to version 2.5.0), and various versions of WSO2 Identity Server and IoT Server. Users are advised to review security advisories and apply available patches.

