Identifier

CVE-2020-24705

Package Slug

maven/org.wso2.carbon.analytics-common/org.wso2.carbon.event.publisher.core

Vulnerability

Session Hijacking

Description

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager, API Manager Analytics, IS as Key Manager, Identity Server, Identity Server Analytics, and IoT Server.

Affected Versions

Version 2.5.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-09
