Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728
Related Vulnerabilities
CVE-2023-35161 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui
CVE-2020-17150 Vulnerability in npm package typescript-tslint-plugin
CVE-2022-36893 Vulnerability in maven package org.jenkins-ci.plugins:rpmsign-plugin
CVE-2023-42278 Vulnerability in maven package cn.hutool:hutool-core
CVE-2021-41766 Vulnerability in maven package org.apache.karaf:apache-karaf