Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728