Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665