CVE-2020-3953 - Vulnerability Details

Vendors	Products
Vmware	Vrealize Log Insight

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2020-0007.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "VMware vRealize Log Insight", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware vRealize Log Insight prior to 8.1.0"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."}], "problemTypes": [{"descriptions": [{"description": "Stored XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T17:20:09", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2020-3953", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware vRealize Log Insight", "version": {"version_data": [{"version_value": "VMware vRealize Log Insight prior to 8.1.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Stored XSS"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.252Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2020-3953", "datePublished": "2020-04-15T17:20:09", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.252Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : VMware vRealize Log Insight (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : VMware vRealize Log Insight prior to 8.1.0 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : Stored XSS (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-04-15T17:20:09 (string)

orgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

shortName : vmware (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@vmware.com (string)

ID : CVE-2020-3953 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : VMware vRealize Log Insight (string)

version : { »

version_data : [ »

0 : { »

version_value : VMware vRealize Log Insight prior to 8.1.0 (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : Stored XSS (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

refsource : MISC (string)

url : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T07:52:20.252Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : dcf2e128-44bd-42ed-91e8-88f912c1401d (string)

assignerShortName : vmware (string)

cveId : CVE-2020-3953 (string)

datePublished : 2020-04-15T17:20:09 (string)

dateReserved : 2019-12-30T00:00:00 (string)

dateUpdated : 2024-08-04T07:52:20.252Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B2D584-D67D-42EE-86D3-F6C9386F5899", "versionEndExcluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation."}, {"lang": "es", "value": "Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobaci\u00f3n de entrada inapropiada."}], "id": "CVE-2020-3953", "lastModified": "2024-11-21T05:32:01.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T18:15:15.520", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0007.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 34B2D584-D67D-42EE-86D3-F6C9386F5899 (string)

versionEndExcluding : 8.1.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. (string)

}

1 : { »

lang : es (string)

value : Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. (string)

}

]

id : CVE-2020-3953 (string)

lastModified : 2024-11-21T05:32:01.627 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : HIGH (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.7 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-04-15T18:15:15.520 (string)

references : [ »

0 : { »

source : security@vmware.com (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://www.vmware.com/security/advisories/VMSA-2020-0007.html (string)

}

]

sourceIdentifier : security@vmware.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

1 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object