admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-246xx/CVE-2020-24602.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

128 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-24602",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-02T15:15:10.393",
"lastModified": "2024-11-21T05:15:08.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter searchName\", \"searchValue\", \"searchDescription\", \"searchDefaultValue\",\"searchPlugin\", \"searchDescription\" and \"searchDynamic\" in the Server Properties and Security Audit Viewer JSP page"
},
{
"lang": "es",
"value": "Ignite Realtime Openfire versi\u00f3n 4.5.1, presenta una vulnerabilidad de tipo Cross-site scripting reflejado que permite a un atacante ejecutar una URL maliciosa arbitraria por medio del par\u00e1metro GET vulnerable \"searchName\",\"searchValue\",\"searchDescription\",\"searchDefaultValue\",\"searchPlugin\",\"searchDescription\" y \"searchDynamic\" en la p\u00e1gina Server Properties and Security Audit Viewer JSP"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:igniterealtime:openfire:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C7E9D2-88C1-45AE-BD6D-237914798E9C"
}
]
}
]
}
],
"references": [
{
"url": "https://cybersecurityworks.com/zerodays/cve-2020-24602-ignite-realtime-openfire.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://issues.igniterealtime.org/browse/OF-1963",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://cybersecurityworks.com/zerodays/cve-2020-24602-ignite-realtime-openfire.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://issues.igniterealtime.org/browse/OF-1963",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink