2023-12-18 17:00:28 +00:00
{
"id" : "CVE-2023-6911" ,
"sourceIdentifier" : "ed10eef1-636d-4fbe-9993-6890dfa878f8" ,
"published" : "2023-12-18T09:15:05.810" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:44:49.210" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-12-18 17:00:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.\n"
2023-12-22 19:00:28 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se han identificado varios productos WSO2 como vulnerables debido a una codificaci\u00f3n de salida incorrecta; un atacante puede llevar a cabo un ataque de Cross-Site Scripting (XSS) Almacenado inyectando un payload malicioso en la funci\u00f3n de registro de Management Console."
2023-12-18 17:00:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2023-12-22 19:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "ed10eef1-636d-4fbe-9993-6890dfa878f8" ,
"type" : "Secondary" ,
2023-12-22 19:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.8 ,
"baseSeverity" : "MEDIUM" ,
2023-12-22 19:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-12-22 19:00:28 +00:00
} ,
"exploitabilityScore" : 1.7 ,
"impactScore" : 2.7
} ,
2023-12-18 17:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-18 17:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 4.8 ,
"baseSeverity" : "MEDIUM" ,
2023-12-18 17:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "REQUIRED" ,
"scope" : "CHANGED" ,
"confidentialityImpact" : "LOW" ,
"integrityImpact" : "LOW" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-12-18 17:00:28 +00:00
} ,
"exploitabilityScore" : 1.7 ,
"impactScore" : 2.7
}
]
} ,
"weaknesses" : [
2023-12-22 19:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "ed10eef1-636d-4fbe-9993-6890dfa878f8" ,
"type" : "Secondary" ,
2023-12-22 19:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
} ,
2023-12-18 17:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2023-12-18 17:00:28 +00:00
"description" : [
{
"lang" : "en" ,
"value" : "CWE-79"
}
]
}
] ,
2023-12-22 19:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6819491F-C6C3-41C1-B27A-0D0B62224977"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "0D57C8CF-084D-4142-9AF1-7C9F1261A3BD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BC168B6A-B15A-4C3B-A38D-C0B65F24F333"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8FF14774-8935-4FC9-B5C8-9771B3D6EBFD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1344FB79-0796-445C-A8F3-C03E995925D1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "ADEAF56C-4583-40A6-826F-01AC86191AD7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "04A2A50A-872E-4CC7-BBB7-3E0956176AAC"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:data_analytics_server:3.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5CCDDFAB-C8FC-41C4-9872-667C442F119B"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.1.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D64106E7-1956-4AAA-915F-7E6DB7461BD4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.1.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA3B48BB-ECB5-4A94-B76D-97BC3D303E9E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "66292C25-B0B9-4FCE-9382-57B8F6BB814A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "709DC7EA-18A6-4B83-84CB-F2499BEB5D2F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "18E8577A-B322-4A70-B8AB-9DE45EFDF229"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "4FCA89E3-F37E-494E-AD46-B9A04E608908"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E4A07C73-3E6B-4CF9-BEB9-39C6081C0332"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E4F0F121-700C-4D30-BAFC-960DCC56F08B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2E5761F7-C287-4EC4-A899-C54FB4E80A35"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3B184BFC-8E1A-4971-B6D2-C594742AB8CE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "EA51AC1B-0BF6-44F6-B034-CAD4F623DD76"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "6BB34405-A2F1-461A-B51B-E103BB3680A1"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B9E7D773-A7CE-4AB8-828B-C2E7DC2799AD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CEA63B98-D4B4-4FCD-A869-FE64BC21A1B6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "8DA0050E-D5DD-45E5-9F61-DC1BB060EFF0"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "26542F95-73F3-4906-838E-A66F5DC9DFA5"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "60781FE4-38A3-4FEA-9D8B-CADE4B535974"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2B169832-A746-49A6-8E92-06624AA9B13A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "981D701D-E381-484A-9614-CD0EF0331071"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "F4F126CA-A2F9-44F4-968B-DF71765869E5"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C32F5725-22BA-417A-B2A6-F120CA377E39"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B388C2B1-89EF-4D16-AD6A-675BDC6E3854"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "42BFE7A0-A168-4C1E-8725-41DD500C837E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5508EC5E-BEEA-49A7-BA2E-AEF40ECCB5C8"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:wso2:message_broker:3.2.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C8E3ADAB-067C-4D18-BDCA-43DDC607E4BA"
}
]
}
]
}
] ,
2023-12-18 17:00:28 +00:00
"references" : [
{
"url" : "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/" ,
2023-12-22 19:00:28 +00:00
"source" : "ed10eef1-636d-4fbe-9993-6890dfa878f8" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-1225/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-12-18 17:00:28 +00:00
}
]
}
