Identifier

CVE-2020-24703

Package Slug

maven/org.wso2.am.microgw/org.wso2.micro.gateway.core

Vulnerability

Session Hijacking

Description

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager , API Manager Analytics , API Microgateway , Data Analytics Server , Enterprise Integrat , IS as Key Manager , Identity Server , Identity Server Analytics , and IoT Server

Affected Versions

Version 2.2.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-09

source