Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728