CVE-2020-14519 — HIGH (7.5)

Q: How severe is CVE-2020-14519?

CVE-2020-14519 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-14519?

Check the references section above for vendor advisories and patch information. Affected products include: Wibu Codemeter.

Vulnerability Description

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Wibu	Codemeter	< 7.00

Related Weaknesses (CWE)

CWE-346

References

https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01Third Party AdvisoryUS Government Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2020-14519?

CVE-2020-14519 is a vulnerability with a CVSS score of 7.5 (HIGH). This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still e...

How severe is CVE-2020-14519?

CVE-2020-14519 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-14519?

Check the references section above for vendor advisories and patch information. Affected products include: Wibu Codemeter.