Description
An XML External Entity (XXE) injection can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665