Identifier

CVE-2020-24703

Package Slug

maven/org.wso2.identity/identity-server-parent

Vulnerability

Session Hijacking

Description

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager , API Manager Analytics , API Microgateway , Data Analytics Server , Enterprise Integrat , IS as Key Manager , Identity Server , Identity Server Analytics , and IoT Server

Affected Versions

Version 5.5.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-09-09

source