First published: Mon Jan 27 2020
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =2.6.0 | |
WSO2 Enterprise Integrator | =6.5.0 | |
WSO2 Identity Server | =5.7.0 | |
WSO2 Identity Server | =5.8.0 | |
The severity of CVE-2019-20442 is medium with a severity value of 4.8.
CVE-2019-20442 affects WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0.
CVE-2019-20442 is a potential stored Cross-Site Scripting (XSS) vulnerability in the registry UI's roleToAuthorize.
To fix CVE-2019-20442, update WSO2 API Manager to version 2.6.0, WSO2 Enterprise Integrator to version 6.5.0, WSO2 IS as Key Manager to version 5.7.0, and WSO2 Identity Server to version 5.8.0.
You can find more information about CVE-2019-20442 in the following references:
- [CyberSecurityWorks](https://cybersecurityworks.com/zerodays/cve-2019-20442-wso2.html)
- [WSO2 Security Advisory](https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636)
- [GitHub](https://github.com/cybersecurityworks/Disclosed/issues/25)