NotCVE - vendor:"Wso2" product:"Identity Server As Key Manager" version:"5.6.0"

Page 2 of 14 results (0.005 seconds)

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-14445

https://notcve.org/view.php?id=CVE-2020-14445

18 Jun 2020 — An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. Se detectó un problema en WSO2 Identity Server versiones hasta 5.9.0 y WSO2 IS como Key Manager versiones hasta 5.9.0. Se ha identificado una potencial vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en la interfaz de usuario Management Console Basic ... • https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

CVE-2020-14446

https://notcve.org/view.php?id=CVE-2020-14446

18 Jun 2020 — An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. Se detectó un problema en WSO2 Identity Server versiones hasta 5.10.0 y WSO2 IS como Key Manager versiones hasta 5.10.0. Se presenta un redireccionamiento abierto • https://cybersecurityworks.com/zerodays/cve-2020-14446-wso2.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •

CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0

CVE-2020-13883

https://notcve.org/view.php?id=CVE-2020-13883

06 Jun 2020 — In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. En WSO2 API Manager versiones 3.0.0 y anteriores, WSO2 API Microgateway versión 2.2.0 y WSO2 IS como Key Manager versiones 5.9.0 y anteriores, Management Console permite un ataque de tipo XXE durante la adición o actualización de un Lifecycle • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-12719

https://notcve.org/view.php?id=CVE-2020-12719

07 May 2020 — XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. Una vulnerabilidad de tipo XXE durante una actualización de EventPublisher puede presentarse en Management Console en WSO2 API Manager versiones 3.0.0 y anteriores, API Manager A... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665 • CWE-611: Improper Restriction of XML External Entity Reference •

1 2