Description
An XML External Entity (XXE) vulnerability can occur during an EventPublisher update in the Management Console of WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665
Related Vulnerabilities
CVE-2023-28681 Vulnerability in maven package org.jenkins-ci.plugins:vs-code-metrics
CVE-2021-33604 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding
CVE-2016-6637 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-login
CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext