CVE-2020-14519
Last modified
CVE-2020-14519 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.. EPSS estimates a 0.64% chance of exploitation in the next 30 days.
Description
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Wibu | Codemeter | < 7.00 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14519?
How severe is CVE-2020-14519?
How do I fix CVE-2020-14519?
Are you affected by CVE-2020-14519?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST