Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728