CVE-2020-9437

{"id": "CVE-2020-9437", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2020-06-25T20:15:11.443", "references": [{"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://know.bishopfox.com/advisories", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://know.bishopfox.com/advisories", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://labs.bishopfox.com/advisories/secureauth-version-9.3", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS."}, {"lang": "es", "value": "El archivo SecureAuth.aspx en SecureAuth IdP versi\u00f3n 9.3.0, sufre de una inyecci\u00f3n de plantilla del lado del cliente que permite una ejecuci\u00f3n de script, de la misma manera como un ataque de tipo XSS"}], "lastModified": "2024-11-21T05:40:38.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:secureauth:secureauth_identity_provider:9.3.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EAF1CC8-3AA1-479C-B95D-78939548CD17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}