Security Advisory WSO2-2017-0260

Published: September 04, 2017

Severity: Medium

CVSS Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)


AFFECTED PRODUCTS

  • WSO2 API Manager 2.1.0
  • WSO2 API Manager Analytics 2.1.0
  • WSO2 Complex Event Processor 4.2.0
  • WSO2 Data Analytics Server 3.1.0
  • WSO2 Enterprise Mobility Manager 2.2.0
  • WSO2 Identity Server Analytics 5.3.0
  • WSO2 IoT Server 3.0.0

OVERVIEW

A potential Reflected Cross-Site Scripting (XSS) vulnerability is detected in the Dashboard Portal.

DESCRIPTION

This addresses a potential XSS vulnerability identified in the Dashboard Portal login controller when Single Sign On is enabled. It has been identified that two such parameters displayed in the HTML page result were not properly encoded before displaying.

IMPACT

An attacker can include malicious content in a request to the dashboard portal, and trick a user to click a crafted URL via email, IM or a neutral website. This reflects the attack back to the user's browser and will execute the injected code, which may generate malicious page results that will mislead the victim or harm otherwise.

SOLUTION

Apply the following patches based on your product version by following the instructions in the README file. If you have any questions, post them to security@wso2.com.

Download the relevant patches based on the products you use following the matrix below. Patches can also be downloaded from Security Patch Releases.

Code Product Version Patch
AM WSO2 API Manager 2.1.0 WSO2-CARBON-PATCH-4.4.0-1232
AM-Analytics WSO2 API Manager Analytics 2.1.0 WSO2-CARBON-PATCH-4.4.0-1231
CEP WSO2 Complex Event Processor 4.2.0 WSO2-CARBON-PATCH-4.4.0-1218
DAS WSO2 Data Analytics Server 3.1.0 WSO2-CARBON-PATCH-4.4.0-1218
IoTS WSO2 IoT Server 3.0.0 WSO2-CARBON-PATCH-4.4.0-1218
IS-Analytics WSO2 Identity Server Analytics 5.3.0 WSO2-CARBON-PATCH-4.4.0-1218
EMM WSO2 Enterprise Mobility Manager 2.2.0 WSO2-CARBON-PATCH-4.4.0-1218

Info

If you are using newer versions of the products than the ones mentioned in the "SOLUTION" section, this vulnerability is fixed.