Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
WSO2 安全漏洞
Vulnerability Description
WSO2 products中存在安全漏洞,该漏洞源于Carbon管理控制端可以将cookie信息发送给攻击者,主要受影响范围如下:API Manager 从3.1.0开始版本,API Manager Analytics 2.5.0版本,IS as Key Manager 从5.10.0开始版本,Identity Server 从5.10.0开始版本,Identity Server Analytics 从5.6.0开始版本和IoT Server 3.1.0版本.
CVSS Information
N/A
Vulnerability Type
N/A