CVE-2022-29548 — MEDIUM (4.6)

Vulnerability Description

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Wso2	Api Manager	2.2.0
Wso2	Api Manager Analytics	2.2.0
Wso2	Api Microgateway	2.2.0
Wso2	Data Analytics Server	3.2.0
Wso2	Enterprise Integrator	6.2.0
Wso2	Identity Server	5.5.0
Wso2	Identity Server Analytics	5.5.0
Wso2	Identity Server As Key Manager	5.5.0
Wso2	Micro Integrator	1.0.0

Related Weaknesses (CWE)

CWE-79

References

http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-SExploitThird Party AdvisoryVDB Entry
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603Vendor Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisor
http://packetstormsecurity.com/files/167587/WSO2-Management-Console-Cross-Site-SExploitThird Party AdvisoryVDB Entry
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1603Vendor Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisor

FAQ

What is CVE-2022-29548?

CVE-2022-29548 is a vulnerability with a CVSS score of 4.6 (MEDIUM). A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2...

How severe is CVE-2022-29548?

CVE-2022-29548 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-29548?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Api Manager Analytics, Wso2 Api Microgateway, Wso2 Data Analytics Server, Wso2 Enterprise Integrator.