Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665
Related Vulnerabilities
CVE-2011-2093 Vulnerability in maven package com.adobe.blazeds:blazeds-core
CVE-2017-3159 Vulnerability in maven package org.apache.camel:camel-snakeyaml
CVE-2022-46769 Vulnerability in maven package org.apache.sling:org.apache.sling.cms.ui
CVE-2023-34189 Vulnerability in maven package org.apache.inlong:manager-service
CVE-2023-25767 Vulnerability in maven package org.jenkins-ci.plugins:azure-credentials