Description

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Remediation

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665

Related Vulnerabilities

CVE-2011-2093 Vulnerability in maven package com.adobe.blazeds:blazeds-core

CVE-2017-3159 Vulnerability in maven package org.apache.camel:camel-snakeyaml

CVE-2022-46769 Vulnerability in maven package org.apache.sling:org.apache.sling.cms.ui

CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials

Severity

High

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory