CVE Vulnerability

CVE-2020-14519

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01 Third Party Advisory US Government Resource
Configurations

Configuration 1

cpe:2.3:a:wibu:codemeter:*:*:*:*:*:*:*:*
Information

Published : 2020-09-16 08:15

Updated : 2020-09-22 06:07

NVD link : CVE-2020-14519

Mitre link : CVE-2020-14519

Products Affected
No products.
CWE
CWE-346