Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728