CVE-2020-1941

Published: May 14, 2020Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

Affected (14)

Products: Apache: Activemq · Oracle: Communications Diameter Signaling Router, Communications Element Manager, Communications Session Report Manager, Communications Session Route Manager, Enterprise Repository, Flexcube Private Banking

1 product

6 products

Communications Diameter Signaling Router

Communications Element Manager

Communications Session Report Manager

Communications Session Route Manager

Enterprise Repository

Flexcube Private Banking

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Activemq	From 5.0.0 to 5.15.11

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Diameter Signaling Router	From 8.0.0 to 8.2.2
Oracle Communications Element Manager	Version 8.1.1
Oracle Communications Element Manager	Version 8.2.0
Oracle Communications Element Manager	Version 8.2.1
Oracle Communications Session Report Manager	Version 8.1.1
Oracle Communications Session Report Manager	Version 8.2.0
Oracle Communications Session Report Manager	Version 8.2.1
Oracle Communications Session Route Manager	Version 8.1.1
Oracle Communications Session Route Manager	Version 8.2.0
Oracle Communications Session Route Manager	Version 8.2.1
Oracle Enterprise Repository	Version 11.1.1.7.0
Oracle Flexcube Private Banking	Version 12.0.0
Oracle Flexcube Private Banking	Version 12.1.0

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (16)

http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

Source: security@apache.org

Vendor Advisory

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

Source: security@apache.org

https://www.oracle.com//security-alerts/cpujul2021.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: security@apache.org

Third Party Advisory

http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.oracle.com//security-alerts/cpujul2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuApr2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.