Description
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, the Management Console allows XML External Entity (XXE) injection during the addition or update of a Lifecycle.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727
Related Vulnerabilities
CVE-2018-17184 Vulnerability in maven package org.apache.syncope:syncope-core
CVE-2015-0227 Vulnerability in maven package org.apache.wss4j:wss4j-ws-security-dom
CVE-2023-33939 Vulnerability in maven package com.liferay:com.liferay.portal.search.web
CVE-2016-2141 Vulnerability in maven package org.jgroups:jgroups
CVE-2013-4590 Vulnerability in maven package org.apache.tomcat:tomcat-jasper