Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665