June 18, 2020
Severity
Medium
Analysis Summary
CVE-2020-13665
By default, JSON:API works in a read-only mode, which makes it impossible to exploit the vulnerability. Only sites that have read_only set to FALSE in the jsonapi.settings config are vulnerable.
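To check for the condition described above, the following added example (not part of the original advisory and not Drupal's own tooling) scans a directory of exported Drupal configuration for jsonapi.settings.yml files and reports the read_only value found in each. The directory layout and the sample site names are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not Rewterz or Drupal code): audit exported Drupal config
# for the JSON:API read_only setting named in the advisory.

# Print "<STATUS> <file>" for each jsonapi.settings.yml below directory $1.
# WRITABLE  = read_only is false (the condition the advisory calls vulnerable)
# READ_ONLY = read_only is true (the default)
# UNKNOWN   = key missing or value not a plain boolean; review by hand
audit_jsonapi_read_only() (
  find "$1" -type f -name 'jsonapi.settings.yml' 2>/dev/null | sort |
  while IFS= read -r file; do
    # First top-level read_only key; strip trailing comment, spaces and CR.
    value=$(sed -n 's/^read_only:[[:space:]]*//p' "$file" | head -n 1 |
      sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' |
      tr -d '\r' | tr '[:upper:]' '[:lower:]')
    case "$value" in
      false) echo "WRITABLE $file" ;;
      true)  echo "READ_ONLY $file" ;;
      *)     echo "UNKNOWN $file" ;;
    esac
  done
)

# Exit status 0 only if no scanned file leaves JSON:API writable.
jsonapi_is_read_only_everywhere() {
  ! audit_jsonapi_read_only "$1" | grep -q '^WRITABLE '
}

# Constructed sample tree (hypothetical site names) for trying the audit.
make_sample_tree() (
  dir=$(mktemp -d)
  mkdir -p "$dir/site-a/sync" "$dir/site-b/sync" "$dir/site-c/sync"
  printf 'read_only: true\n' > "$dir/site-a/sync/jsonapi.settings.yml"
  printf 'read_only: FALSE  # writes enabled\n' > "$dir/site-b/sync/jsonapi.settings.yml"
  printf 'langcode: en\n' > "$dir/site-c/sync/jsonapi.settings.yml"
  echo "$dir"
)
```

Exported configuration can lag behind the active configuration; on a live site, `drush config:get jsonapi.settings read_only` reports the value currently in use.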
CVE-2020-13663
The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Impact
- Access bypass
- Cross Site Request Forgery
Affected Vendors
Drupal
Affected Products
- Drupal 7.xx
- Drupal 8.xx
Remediation
Drupal recommends that users install the latest version.