CVE-2020-24705

CVE-2020-24705

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

Source: CVE-2020-24705

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다