CVE-2020-13954 — MEDIUM (6.1)

Vulnerability Description

By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject javascript into the web page. This vulnerability affects all versions of Apache CXF prior to 3.4.1 and 3.3.8. Please note that this is a separate issue to CVE-2019-17573.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Cxf	< 3.3.8
Netapp	Snap Creator Framework	-
Netapp	Vasa Provider For Clustered Data Ontap	>= 9.6
Oracle	Business Intelligence	5.5.0.0.0
Oracle	Retail Order Broker Cloud Service	15.0
Oracle	Communications Messaging Server	8.0.2

Related Weaknesses (CWE)

CWE-79

References

http://cxf.apache.org/security-advisories.data/CVE-2020-13954.txt.asc?version=1&Vendor Advisory
http://www.openwall.com/lists/oss-security/2020/11/12/2Mailing ListThird Party AdvisoryVendor Advisory
https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd1003
https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd1003
https://lists.apache.org/thread.html/r51fdd73548290b2dfd0b48f7ab69bf9ae064dd1003
https://lists.apache.org/thread.html/r640719c9ce5671f239a6f002c20e14062effe4b318
https://lists.apache.org/thread.html/r81a41a2915985d49bc3ea57dde2018b03584a86387
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fd
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba7
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49
https://security.netapp.com/advisory/ntap-20210513-0010/Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlNot ApplicableThird Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlPatchThird Party Advisory

FAQ

What is CVE-2020-13954?

CVE-2020-13954 is a vulnerability with a CVSS score of 6.1 (MEDIUM). By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the ...

How severe is CVE-2020-13954?

CVE-2020-13954 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-13954?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Cxf, Netapp Snap Creator Framework, Netapp Vasa Provider For Clustered Data Ontap, Oracle Business Intelligence, Oracle Retail Order Broker Cloud Service.