NVD - CVE-2020-17453

Vulnerability Change Records for CVE-2020-17453

Change History

Initial Analysis by NIST 4/08/2021 4:08:50 PM

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added	CVSS V2		NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Added	CWE		NIST CWE-79
Added	CPE Configuration		OR cpe:2.3:a:wso2:api_manager::::::::* versions up to (including) 3.2.0 cpe:2.3:a:wso2:api_manager_analytics:2.2.0::::::: cpe:2.3:a:wso2:api_manager_analytics:2.5.0::::::: cpe:2.3:a:wso2:api_manager_analytics:2.6.0::::::: cpe:2.3:a:wso2:api_microgateway:2.2.0::::::: cpe:2.3:a:wso2:enterprise_integrator::::::::* versions up to (including) 6.6.0 cpe:2.3:a:wso2:identity_server::::::::* versions up to (including) 5.10.0 cpe:2.3:a:wso2:identity_server_analytics:5.4.0::::::: cpe:2.3:a:wso2:identity_server_analytics:5.4.1::::::: cpe:2.3:a:wso2:identity_server_analytics:5.5.0::::::: cpe:2.3:a:wso2:identity_server_analytics:5.6.0::::::: cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0::::::: cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0::::::: cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0::::::: cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0::::::: cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0::::::: cpe:2.3:a:wso2:micro_integrator:1.0.0:::::::
Changed	Reference Type	https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132 No Types Assigned	https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132 Vendor Advisory
Changed	Reference Type	https://github.com/JHHAX/CVE-2020-17453-PoC No Types Assigned	https://github.com/JHHAX/CVE-2020-17453-PoC Exploit, Third Party Advisory
Changed	Reference Type	https://twitter.com/JacksonHHax/status/1374681422678519813 No Types Assigned	https://twitter.com/JacksonHHax/status/1374681422678519813 Exploit, Third Party Advisory
Added	CVSS V2 Metadata		Victim must voluntarily interact with attack mechanism