ID

VAR-202006-0231


CVE

CVE-2020-14210


TITLE

MONITORAPP AIWAF-VE and AIWAF-4000 Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-006879

DESCRIPTION

A reflected cross-site scripting (XSS) vulnerability in MONITORAPP WAF allows script to be executed when the product responds with Request URL information. The WAF provides a function that responds with the Request URL information when it blocks a request. A cross-site scripting vulnerability exists in MONITORAPP AIWAF-VE and AIWAF-4000. Information may be obtained and tampered with. Both MONITORAPP AIWAF-VE and AIWAF-4000 are products of MONITORAPP Company in the United States. MONITORAPP AIWAF-VE is an application firewall for the cloud. AIWAF-4000 is an application firewall. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2020-14210 // JVNDB: JVNDB-2020-006879 // VULHUB: VHN-167066 // VULMON: CVE-2020-14210

AFFECTED PRODUCTS

vendor: monitorapp | model: web application firewall | scope: lte | version: 2020-06-16

Trust: 1.0

vendor: monitorapp | model: application insight web application | scope: lte | version: 2020-06-16

Trust: 1.0

vendor: monitorapp | model: application insight web application | scope: - | version: -

Trust: 0.8

vendor: monitorapp | model: web application firewall | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-006879 // NVD: CVE-2020-14210

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-14210
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-006879
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202006-1119
value: MEDIUM

Trust: 0.6

VULHUB: VHN-167066
value: MEDIUM

Trust: 0.1

VULMON: CVE-2020-14210
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-14210
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-006879
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-167066
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-14210
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-006879
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-167066 // VULMON: CVE-2020-14210 // JVNDB: JVNDB-2020-006879 // CNNVD: CNNVD-202006-1119 // NVD: CVE-2020-14210

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-167066 // JVNDB: JVNDB-2020-006879 // NVD: CVE-2020-14210

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-1119

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202006-1119

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-006879

PATCH

title: Top Page | url: https://www.monitorapp.com/

Trust: 0.8

title: AICC report | url: https://github.com/monitorapp-aicc/report

Trust: 0.1

title: PoC in GitHub | url: https://github.com/soosmile/POC

Trust: 0.1

title: PoC in GitHub | url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2020-14210 // JVNDB: JVNDB-2020-006879

EXTERNAL IDS

db: NVD | id: CVE-2020-14210

Trust: 2.6

db: JVNDB | id: JVNDB-2020-006879

Trust: 0.8

db: CNNVD | id: CNNVD-202006-1119

Trust: 0.7

db: CNVD | id: CNVD-2021-25690

Trust: 0.1

db: VULHUB | id: VHN-167066

Trust: 0.1

db: VULMON | id: CVE-2020-14210

Trust: 0.1

sources: VULHUB: VHN-167066 // VULMON: CVE-2020-14210 // JVNDB: JVNDB-2020-006879 // CNNVD: CNNVD-202006-1119 // NVD: CVE-2020-14210

REFERENCES

url:https://github.com/monitorapp-aicc/report/wiki/cve-2020-14210

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-14210

Trust: 1.4

url:https://github.com/kbgsft/vuln-aiwaf/wiki/cross-site-scripting(xss)-vulnerability-in-aiwaf-in-monitorapp-by-xcuter

Trust: 1.4

url:https://github.com/kbgsft/vuln-aiwaf/wiki/cross-site-scripting%28xss%29-vulnerability-in-aiwaf-in-monitorapp-by-xcuter

Trust: 1.2

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14210

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://github.com/monitorapp-aicc/report

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-167066 // VULMON: CVE-2020-14210 // JVNDB: JVNDB-2020-006879 // CNNVD: CNNVD-202006-1119 // NVD: CVE-2020-14210

SOURCES

db: VULHUB | id: VHN-167066
db: VULMON | id: CVE-2020-14210
db: JVNDB | id: JVNDB-2020-006879
db: CNNVD | id: CNNVD-202006-1119
db: NVD | id: CVE-2020-14210

LAST UPDATE DATE

2024-11-23T23:11:25.456000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-167066 | date: 2021-02-18T00:00:00
db: VULMON | id: CVE-2020-14210 | date: 2023-11-07T00:00:00
db: JVNDB | id: JVNDB-2020-006879 | date: 2020-07-22T00:00:00
db: CNNVD | id: CNNVD-202006-1119 | date: 2021-02-19T00:00:00
db: NVD | id: CVE-2020-14210 | date: 2024-11-21T05:02:52.620

SOURCES RELEASE DATE

db: VULHUB | id: VHN-167066 | date: 2020-06-16T00:00:00
db: VULMON | id: CVE-2020-14210 | date: 2020-06-16T00:00:00
db: JVNDB | id: JVNDB-2020-006879 | date: 2020-07-22T00:00:00
db: CNNVD | id: CNNVD-202006-1119 | date: 2020-06-16T00:00:00
db: NVD | id: CVE-2020-14210 | date: 2020-06-16T22:15:10.380