CVE-2020-14519

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-346
View all →

Vulnerability Description

This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515.

Related Vulnerabilities

CVE-2001-1452

HIGH
CVSS:7.5(High)

By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS res...

CWE-3462001

CVE-2005-0877

HIGH
CVSS:7.5(High)

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

CWE-3462005

CVE-2014-1487

HIGH
CVSS:7.5(High)

The Web workers implementation in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to bypass the Same Origin Policy...

CWE-3462014

CVE-2016-5168

HIGH
CVSS:7.5(High)

Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information.

CWE-3462016

CVE-2016-9902

HIGH
CVSS:7.5(High)

The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inj...

CWE-3462016

CVE-2017-7561

HIGH
CVSS:7.5(High)

Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

CWE-3462017