| Title | 複数の WSO2 製品におけるクロスサイトスクリプティングの脆弱性 |
|---|---|
| Summary | 複数の WSO2 製品には、クロスサイトスクリプティングの脆弱性が存在します。 |
| Possible impacts | 情報を取得される、および情報を改ざんされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Sept. 4, 2017, midnight |
| Registration Date | Oct. 31, 2017, 4:59 p.m. |
| Last Update | Oct. 31, 2017, 4:59 p.m. |
| CVSS3.0 : 警告 | |
| Score | 6.1 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CVSS2.0 : 警告 | |
| Score | 4.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| WSO2 |
| WSO2 Application Server 5.3.0 |
| WSO2 Business Process Server 3.6.0 |
| WSO2 Business Rules Server 2.2.0 |
| WSO2 Complex Event Processor 4.2.0 |
| WSO2 Dashboard Server 2.0.0 |
| WSO2 Data Analytics Server 3.1.0 |
| WSO2 Data Services Server 3.5.1 |
| WSO2 Machine Learner 1.2.0 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2017年10月31日] 掲載 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Data Analytics Server 3.1.0, WSO2 Data Services Server 3.5.1, and WSO2 Machine Learner 1.2.0 is affected by stored XSS. |
|---|---|
| Publication Date | Oct. 4, 2017, 10:29 a.m. |
| Registration Date | Jan. 26, 2021, 1:16 p.m. |
| Last Update | Nov. 21, 2024, 12:13 p.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:wso2:machine_learner:1.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:data_services_server:3.5.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:dashboard_server:2.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:complex_event_processor:4.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:business_rules_server:2.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:business_process_server:3.6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:application_server:5.3.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:wso2:data_analytics_server:3.1.0:*:*:*:*:*:*:* | |||||