Description
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665
Related Vulnerabilities
CVE-2023-4918 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2018-1000136 Vulnerability in npm package electron
CVE-2016-0734 Vulnerability in maven package org.apache.activemq:activemq-web-console
CVE-2020-12480 Vulnerability in maven package com.typesafe.play:play_2.13
CVE-2021-21626 Vulnerability in maven package io.jenkins.plugins:warnings-ng