Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728