Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665