CVE-2020-14519

CWE-3463 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 75.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wibu Codemeter

Timeline

PublishedSep 16

Latest updateMay 24

Description

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDwibu/codemeter< 7.00

▶CVEListV5codemeterAll versions prior to 7.00, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server.

🔴Vulnerability Details

GHSA

GHSA-qf8w-r56m-c9xh: This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7↗2022-05-24

▶

CVEList

CVE-2020-14519: This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7↗2020-09-16

▶