FKIE_CVE-2019-20437

Vulnerability from fkie_nvd - Published: 2020-01-28 01:15 - Updated: 2024-11-21 04:38
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations.
References
cve@mitre.orghttps://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.htmlExploit, Third Party Advisory
cve@mitre.orghttps://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635Vendor Advisory
cve@mitre.orghttps://github.com/cybersecurityworks/Disclosed/issues/20Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cybersecurityworks/Disclosed/issues/20Exploit, Third Party Advisory
Impacted products
Vendor Product Version
wso2 api_manager 2.6.0
wso2 identity_server 5.7.0
wso2 identity_server 5.8.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC168B6A-B15A-4C3B-A38D-C0B65F24F333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "60781FE4-38A3-4FEA-9D8B-CADE4B535974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B169832-A746-49A6-8E92-06624AA9B13A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect\u0027s URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en WSO2 API Manager versi\u00f3n 2.6.0, WSO2 IS as Key Manager versi\u00f3n 5.7.0 y WSO2 Identity Server versi\u00f3n 5.8.0. Cuando un dialecto de reclamo personalizado con una carga \u00fatil de tipo XSS es establecido en la configuraci\u00f3n b\u00e1sica de reclamo del proveedor de identidad, esa carga \u00fatil es ejecutada, si un usuario recoge el URI de ese dialecto como el reclamo de aprovisionamiento en la configuraci\u00f3n de reclamo avanzada del mismo proveedor de identidad. El atacante tambi\u00e9n necesita contar con privilegios para iniciar sesi\u00f3n en la consola de administraci\u00f3n y para agregar y actualizar las configuraciones del proveedor de identidad."
    }
  ],
  "id": "CVE-2019-20437",
  "lastModified": "2024-11-21T04:38:28.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "cve@mitre.org",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-28T01:15:12.037",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cybersecurityworks/Disclosed/issues/20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://cybersecurityworks.com/zerodays/cve-2019-20437-wso2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cybersecurityworks/Disclosed/issues/20"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.