ID
VAR-202006-0905
CVE
CVE-2020-14446
TITLE
WSO2 Identity Server and IS as Key Manager Open redirect vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2020-007014
DESCRIPTION
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. Attackers can use this vulnerability to redirect users to arbitrary external links by constructing URLs to carry out phishing attacks
Trust: 2.16
sources:
NVD: CVE-2020-14446 //
JVNDB: JVNDB-2020-007014 //
CNVD: CNVD-2021-20265
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20265
AFFECTED PRODUCTS
| vendor: | wso2 | model: | identity server as key manager | scope: | lte | version: | 5.10.0 | Trust: 1.0 |
| vendor: | wso2 | model: | identity server | scope: | lte | version: | 5.10.0 | Trust: 1.0 |
| vendor: | wso2 | model: | identity server as key manager | scope: | eq | version: | 5.10.0 | Trust: 0.8 |
| vendor: | wso2 | model: | identity server | scope: | eq | version: | 5.10.0 | Trust: 0.8 |
| vendor: | wso2 | model: | identity server | scope: | lte | version: | <=5.10.0 | Trust: 0.6 |
| vendor: | wso2 | model: | is as key manager | scope: | lte | version: | <=5.10.0 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20265 //
JVNDB: JVNDB-2020-007014 //
NVD: CVE-2020-14446
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2021-20265 //
JVNDB: JVNDB-2020-007014 //
CNNVD: CNNVD-202006-1273 //
NVD: CVE-2020-14446 //
NVD: CVE-2020-14446
PROBLEMTYPE DATA
| problemtype: | CWE-601 | Trust: 1.8 |
sources:
JVNDB: JVNDB-2020-007014 //
NVD: CVE-2020-14446
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202006-1273
TYPE
input validation error
Trust: 0.6
sources:
CNNVD: CNNVD-202006-1273
CONFIGURATIONS
sources:
JVNDB: JVNDB-2020-007014
PATCH
| title: | Security Advisory WSO2-2020-0713 | url: | https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0713 | Trust: 0.8 |
| title: | Patch for WSO2 Identity Server and IS as Key Manager input validation error vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/253751 | Trust: 0.6 |
| title: | WSO2 Identity Server and IS as Key Manager Enter the fix for the verification error vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=122583 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20265 //
JVNDB: JVNDB-2020-007014 //
CNNVD: CNNVD-202006-1273
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-14446 | Trust: 3.0 |
| db: | JVNDB | id: | JVNDB-2020-007014 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2021-20265 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202006-1273 | Trust: 0.6 |
sources:
CNVD: CNVD-2021-20265 //
JVNDB: JVNDB-2020-007014 //
CNNVD: CNNVD-202006-1273 //
NVD: CVE-2020-14446
REFERENCES
| url: | https://cybersecurityworks.com/zerodays/cve-2020-14446-wso2.html | Trust: 1.6 |
| url: | https://docs.wso2.com/display/security/security+advisory+wso2-2020-0713 | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-14446 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14446 | Trust: 0.8 |
sources:
JVNDB: JVNDB-2020-007014 //
CNNVD: CNNVD-202006-1273 //
NVD: CVE-2020-14446
SOURCES
| db: | CNVD | id: | CNVD-2021-20265 |
| db: | JVNDB | id: | JVNDB-2020-007014 |
| db: | CNNVD | id: | CNNVD-202006-1273 |
| db: | NVD | id: | CVE-2020-14446 |
LAST UPDATE DATE
2024-11-23T22:25:26.197000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2021-20265 | date: | 2021-03-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-007014 | date: | 2020-07-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-1273 | date: | 2021-08-16T00:00:00 |
| db: | NVD | id: | CVE-2020-14446 | date: | 2024-11-21T05:03:17.897 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2021-20265 | date: | 2021-03-18T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-007014 | date: | 2020-07-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-1273 | date: | 2020-06-18T00:00:00 |
| db: | NVD | id: | CVE-2020-14446 | date: | 2020-06-18T18:15:11.247 |