ID

VAR-202005-0427


CVE

CVE-2020-12719


TITLE

XML external entity vulnerabilities in multiple WSO2 products

Trust: 0.8

sources: JVNDB: JVNDB-2020-005314

DESCRIPTION

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. Multiple WSO2 products contain an XML external entity vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). WSO2 API Manager and the other affected products are all products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity authentication server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exists in several WSO2 products. Attackers can exploit this vulnerability to obtain local files, cause denial of service, forge server-side requests, scan ports, or cause other damage.

Trust: 1.8

sources: NVD: CVE-2020-12719 // JVNDB: JVNDB-2020-005314 // VULHUB: VHN-165425 // VULMON: CVE-2020-12719

AFFECTED PRODUCTS

vendor: wso2; model: api microgateway; scope: eq; version: 2.2.0

Trust: 1.1

vendor: wso2; model: api manager analytics; scope: lte; version: 2.5.0

Trust: 1.0

vendor: wso2; model: identity server analytics; scope: lte; version: 5.6.0

Trust: 1.0

vendor: wso2; model: identity server as key manager; scope: lte; version: 5.9.0

Trust: 1.0

vendor: wso2; model: enterprise integrator; scope: lte; version: 6.4.0

Trust: 1.0

vendor: wso2; model: api manager; scope: lte; version: 3.0.0

Trust: 1.0

vendor: wso2; model: identity server; scope: lte; version: 5.9.0

Trust: 1.0

vendor: wso2; model: api manager; scope: eq; version: 3.0.0

Trust: 0.9

vendor: wso2; model: api manager analytics; scope: eq; version: 2.5.0

Trust: 0.9

vendor: wso2; model: enterprise integrator; scope: eq; version: 6.4.0

Trust: 0.9

vendor: wso2; model: identity server; scope: eq; version: 5.9.0

Trust: 0.9

vendor: wso2; model: identity server analytics; scope: eq; version: 5.6.0

Trust: 0.9

vendor: wso2; model: identity server as key manager; scope: eq; version: 5.9.0

Trust: 0.9

vendor: wso2; model: api microgateway; scope: eq; version: 2.20

Trust: 0.8

sources: VULMON: CVE-2020-12719 // JVNDB: JVNDB-2020-005314 // NVD: CVE-2020-12719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-12719
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2020-12719
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-005314
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202005-316
value: HIGH

Trust: 0.6

VULHUB: VHN-165425
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-12719
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-12719
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-005314
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-165425
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-12719
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2020-12719
baseSeverity: HIGH
baseScore: 8.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 5.8
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-005314
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-165425 // VULMON: CVE-2020-12719 // JVNDB: JVNDB-2020-005314 // CNNVD: CNNVD-202005-316 // NVD: CVE-2020-12719 // NVD: CVE-2020-12719

PROBLEMTYPE DATA

problemtype:CWE-611

Trust: 1.9

sources: VULHUB: VHN-165425 // JVNDB: JVNDB-2020-005314 // NVD: CVE-2020-12719

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202005-316

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202005-316

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-005314

PATCH

title: WSO2-2019-0665; url: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665

Trust: 0.8

title: Multiple WSO2 Product code issue vulnerability fixes; url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=118796

Trust: 0.6

sources: JVNDB: JVNDB-2020-005314 // CNNVD: CNNVD-202005-316

EXTERNAL IDS

db: NVD; id: CVE-2020-12719

Trust: 2.6

db: JVNDB; id: JVNDB-2020-005314

Trust: 0.8

db: CNNVD; id: CNNVD-202005-316

Trust: 0.7

db: CNVD; id: CNVD-2021-28009

Trust: 0.1

db: VULHUB; id: VHN-165425

Trust: 0.1

db: VULMON; id: CVE-2020-12719

Trust: 0.1

sources: VULHUB: VHN-165425 // VULMON: CVE-2020-12719 // JVNDB: JVNDB-2020-005314 // CNNVD: CNNVD-202005-316 // NVD: CVE-2020-12719

REFERENCES

url:https://docs.wso2.com/display/security/security+advisory+wso2-2019-0665

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-12719

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12719

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/181718

Trust: 0.1

sources: VULHUB: VHN-165425 // VULMON: CVE-2020-12719 // JVNDB: JVNDB-2020-005314 // CNNVD: CNNVD-202005-316 // NVD: CVE-2020-12719

SOURCES

db: VULHUB; id: VHN-165425
db: VULMON; id: CVE-2020-12719
db: JVNDB; id: JVNDB-2020-005314
db: CNNVD; id: CNNVD-202005-316
db: NVD; id: CVE-2020-12719

LAST UPDATE DATE

2024-11-23T22:33:27.107000+00:00


SOURCES UPDATE DATE

db: VULHUB; id: VHN-165425; date: 2020-05-14T00:00:00
db: VULMON; id: CVE-2020-12719; date: 2020-05-14T00:00:00
db: JVNDB; id: JVNDB-2020-005314; date: 2020-06-11T00:00:00
db: CNNVD; id: CNNVD-202005-316; date: 2020-05-22T00:00:00
db: NVD; id: CVE-2020-12719; date: 2024-11-21T05:00:08.550

SOURCES RELEASE DATE

db: VULHUB; id: VHN-165425; date: 2020-05-08T00:00:00
db: VULMON; id: CVE-2020-12719; date: 2020-05-08T00:00:00
db: JVNDB; id: JVNDB-2020-005314; date: 2020-06-11T00:00:00
db: CNNVD; id: CNNVD-202005-316; date: 2020-05-07T00:00:00
db: NVD; id: CVE-2020-12719; date: 2020-05-08T00:15:12.033