CVE-2020-24704: XSS
First published: Thu Aug 27 2020(Updated: )
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| =2.2.0 | ||
| =2.2.0 | ||
| =2.2.0 | ||
| =3.2.0 | ||
| <=6.6.0 | ||
| =5.5.0 | ||
| =5.8.0 | ||
| =5.5.0 | ||
| =5.5.0 | ||
| =3.3.0 | ||
| =3.3.1 | ||
| WSO2 API Manager | =2.2.0 | |
| Wso2 Api Manager Analytics | =2.2.0 | |
| WSO2 API Microgateway | =2.2.0 | |
| WSO2 Data Analytics Server | =3.2.0 | |
| WSO2 Enterprise Integrator | <=6.6.0 | |
| WSO2 Identity Server | =5.5.0 | |
| WSO2 Identity Server | =5.8.0 | |
| WSO2 Identity Server Analytics | =5.5.0 | |
| WSO2 Identity Server as Key Manager | =5.5.0 | |
| Wso2 Iot Server | =3.3.0 | |
| Wso2 Iot Server | =3.3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-24704?
CVE-2020-24704 refers to an issue discovered in certain WSO2 products that allows Reflected XSS.
Which WSO2 products are affected by CVE-2020-24704?
CVE-2020-24704 affects the following WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, and IoT Server 3.3.0 and 3.3.1.
What is the severity of CVE-2020-24704?
CVE-2020-24704 has a severity level of 6.1 (medium).
How does CVE-2020-24704 affect WSO2 API Manager?
CVE-2020-24704 affects WSO2 API Manager version 2.2.0.
Is there a fix available for CVE-2020-24704?
Yes, a fix for CVE-2020-24704 is available. Please refer to the WSO2 Security Advisory WSO2-2020-0685 for more information.
- collector/nvd-index
- agent/first-publish-date
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/tags
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/wso2
- canonical/wso2 api manager
- version/wso2 api manager/2.2.0
- canonical/wso2 api manager analytics
- version/wso2 api manager analytics/2.2.0
- canonical/wso2 api microgateway
- version/wso2 api microgateway/2.2.0
- canonical/wso2 data analytics server
- version/wso2 data analytics server/3.2.0
- canonical/wso2 enterprise integrator
- version/wso2 enterprise integrator/6.6.0
- canonical/wso2 identity server
- version/wso2 identity server/5.5.0
- version/wso2 identity server/5.8.0
- canonical/wso2 identity server analytics
- version/wso2 identity server analytics/5.5.0
- canonical/wso2 identity server as key manager
- version/wso2 identity server as key manager/5.5.0
- canonical/wso2 iot server
- version/wso2 iot server/3.3.0
- version/wso2 iot server/3.3.1