CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24705

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 59.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

Products affected by CVE-2020-24705

Wso2 » Api Manager » Version: N/A

cpe:2.3:a:wso2:api_manager:-
Wso2 » Api Manager » Version: 1.0.0

cpe:2.3:a:wso2:api_manager:1.0.0
Wso2 » Api Manager » Version: 1.1.1

cpe:2.3:a:wso2:api_manager:1.1.1
Wso2 » Api Manager » Version: 1.10.0

cpe:2.3:a:wso2:api_manager:1.10.0
Wso2 » Api Manager » Version: 1.2.0

cpe:2.3:a:wso2:api_manager:1.2.0
Wso2 » Api Manager » Version: 1.3.0

cpe:2.3:a:wso2:api_manager:1.3.0
Wso2 » Api Manager » Version: 1.3.1

cpe:2.3:a:wso2:api_manager:1.3.1
Wso2 » Api Manager » Version: 1.4.0

cpe:2.3:a:wso2:api_manager:1.4.0
Wso2 » Api Manager » Version: 1.5.0

cpe:2.3:a:wso2:api_manager:1.5.0
Wso2 » Api Manager » Version: 1.6.0

cpe:2.3:a:wso2:api_manager:1.6.0
Wso2 » Api Manager » Version: 1.7.0

cpe:2.3:a:wso2:api_manager:1.7.0
Wso2 » Api Manager » Version: 1.8.0

cpe:2.3:a:wso2:api_manager:1.8.0
Wso2 » Api Manager » Version: 1.9.0

cpe:2.3:a:wso2:api_manager:1.9.0
Wso2 » Api Manager » Version: 1.9.1

cpe:2.3:a:wso2:api_manager:1.9.1
Wso2 » Api Manager » Version: 2.0.0

cpe:2.3:a:wso2:api_manager:2.0.0
Wso2 » Api Manager » Version: 2.1.0

cpe:2.3:a:wso2:api_manager:2.1.0
Wso2 » Api Manager » Version: 2.2.0

cpe:2.3:a:wso2:api_manager:2.2.0
Wso2 » Api Manager » Version: 2.5.0

cpe:2.3:a:wso2:api_manager:2.5.0
Wso2 » Api Manager » Version: 2.6.0

cpe:2.3:a:wso2:api_manager:2.6.0
Wso2 » Api Manager » Version: 3.0.0

cpe:2.3:a:wso2:api_manager:3.0.0
Wso2 » Api Manager » Version: 3.1.0

cpe:2.3:a:wso2:api_manager:3.1.0
Wso2 » Api Manager Analytics » Version: 2.5.0

cpe:2.3:a:wso2:api_manager_analytics:2.5.0
Wso2 » Identity Server » Version: 1.5.0

cpe:2.3:a:wso2:identity_server:1.5.0
Wso2 » Identity Server » Version: 2.0.0

cpe:2.3:a:wso2:identity_server:2.0.0
Wso2 » Identity Server » Version: 2.0.1

cpe:2.3:a:wso2:identity_server:2.0.1
Wso2 » Identity Server » Version: 2.0.2

cpe:2.3:a:wso2:identity_server:2.0.2
Wso2 » Identity Server » Version: 2.0.3

cpe:2.3:a:wso2:identity_server:2.0.3
Wso2 » Identity Server » Version: 3.0.0

cpe:2.3:a:wso2:identity_server:3.0.0
Wso2 » Identity Server » Version: 3.0.1

cpe:2.3:a:wso2:identity_server:3.0.1
Wso2 » Identity Server » Version: 3.2.0

cpe:2.3:a:wso2:identity_server:3.2.0
Wso2 » Identity Server » Version: 3.2.2

cpe:2.3:a:wso2:identity_server:3.2.2
Wso2 » Identity Server » Version: 3.2.3

cpe:2.3:a:wso2:identity_server:3.2.3
Wso2 » Identity Server » Version: 4.0.0

cpe:2.3:a:wso2:identity_server:4.0.0
Wso2 » Identity Server » Version: 4.1.0

cpe:2.3:a:wso2:identity_server:4.1.0
Wso2 » Identity Server » Version: 4.5.0

cpe:2.3:a:wso2:identity_server:4.5.0
Wso2 » Identity Server » Version: 4.6.0

cpe:2.3:a:wso2:identity_server:4.6.0
Wso2 » Identity Server » Version: 5.0.0

cpe:2.3:a:wso2:identity_server:5.0.0
Wso2 » Identity Server » Version: 5.1.0

cpe:2.3:a:wso2:identity_server:5.1.0
Wso2 » Identity Server » Version: 5.10.0

cpe:2.3:a:wso2:identity_server:5.10.0
Wso2 » Identity Server » Version: 5.2.0

cpe:2.3:a:wso2:identity_server:5.2.0
Wso2 » Identity Server » Version: 5.3.0

cpe:2.3:a:wso2:identity_server:5.3.0
Wso2 » Identity Server » Version: 5.4.0

cpe:2.3:a:wso2:identity_server:5.4.0
Wso2 » Identity Server » Version: 5.4.1

cpe:2.3:a:wso2:identity_server:5.4.1
Wso2 » Identity Server » Version: 5.5.0

cpe:2.3:a:wso2:identity_server:5.5.0
Wso2 » Identity Server » Version: 5.6.0

cpe:2.3:a:wso2:identity_server:5.6.0
Wso2 » Identity Server » Version: 5.7.0

cpe:2.3:a:wso2:identity_server:5.7.0
Wso2 » Identity Server » Version: 5.8.0

cpe:2.3:a:wso2:identity_server:5.8.0
Wso2 » Identity Server » Version: 5.9.0

cpe:2.3:a:wso2:identity_server:5.9.0
Wso2 » Identity Server Analytics » Version: N/A

cpe:2.3:a:wso2:identity_server_analytics:-
Wso2 » Identity Server Analytics » Version: 5.4.0

cpe:2.3:a:wso2:identity_server_analytics:5.4.0
Wso2 » Identity Server Analytics » Version: 5.4.1

cpe:2.3:a:wso2:identity_server_analytics:5.4.1
Wso2 » Identity Server Analytics » Version: 5.5.0

cpe:2.3:a:wso2:identity_server_analytics:5.5.0
Wso2 » Identity Server Analytics » Version: 5.6.0

cpe:2.3:a:wso2:identity_server_analytics:5.6.0
Wso2 » Identity Server As Key Manager » Version: N/A

cpe:2.3:a:wso2:identity_server_as_key_manager:-
Wso2 » Identity Server As Key Manager » Version: 1.10.0

cpe:2.3:a:wso2:identity_server_as_key_manager:1.10.0
Wso2 » Identity Server As Key Manager » Version: 1.9.0

cpe:2.3:a:wso2:identity_server_as_key_manager:1.9.0
Wso2 » Identity Server As Key Manager » Version: 1.9.1

cpe:2.3:a:wso2:identity_server_as_key_manager:1.9.1
Wso2 » Identity Server As Key Manager » Version: 2.0.0

cpe:2.3:a:wso2:identity_server_as_key_manager:2.0.0
Wso2 » Identity Server As Key Manager » Version: 2.1.0

cpe:2.3:a:wso2:identity_server_as_key_manager:2.1.0
Wso2 » Identity Server As Key Manager » Version: 2.2.0

cpe:2.3:a:wso2:identity_server_as_key_manager:2.2.0
Wso2 » Identity Server As Key Manager » Version: 2.5.0

cpe:2.3:a:wso2:identity_server_as_key_manager:2.5.0
Wso2 » Identity Server As Key Manager » Version: 2.6.0

cpe:2.3:a:wso2:identity_server_as_key_manager:2.6.0
Wso2 » Identity Server As Key Manager » Version: 3.0.0

cpe:2.3:a:wso2:identity_server_as_key_manager:3.0.0
Wso2 » Identity Server As Key Manager » Version: 3.1.0

cpe:2.3:a:wso2:identity_server_as_key_manager:3.1.0
Wso2 » Identity Server As Key Manager » Version: 5.0.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.0.0
Wso2 » Identity Server As Key Manager » Version: 5.1.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.1.0
Wso2 » Identity Server As Key Manager » Version: 5.10.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0
Wso2 » Identity Server As Key Manager » Version: 5.2.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.2.0
Wso2 » Identity Server As Key Manager » Version: 5.3.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0
Wso2 » Identity Server As Key Manager » Version: 5.4.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.4.0
Wso2 » Identity Server As Key Manager » Version: 5.4.1

cpe:2.3:a:wso2:identity_server_as_key_manager:5.4.1
Wso2 » Identity Server As Key Manager » Version: 5.5.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0
Wso2 » Identity Server As Key Manager » Version: 5.6.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0
Wso2 » Identity Server As Key Manager » Version: 5.7.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0
Wso2 » Identity Server As Key Manager » Version: 5.8.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.8.0
Wso2 » Identity Server As Key Manager » Version: 5.9.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0
Wso2 » Iot Server » Version: 3.1.0

cpe:2.3:a:wso2:iot_server:3.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24705

Products

Pricing

Contact Us