Description

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Remediation

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665

Related Vulnerabilities

CVE-2011-3190 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2017-10355 Vulnerability in maven package xerces:xercesimpl

CVE-2015-0250 Vulnerability in maven package org.eclipse.birt.runtime.3_7_1:org.apache.batik.dom

CVE-2020-2142 Vulnerability in maven package org.jenkins-ci.plugins:p4

CVE-2023-32695 Vulnerability in maven package org.webjars.npm:socket.io-parser

Severity

High

Classification

CWE-611 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory