Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665