Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728
Related Vulnerabilities
CVE-2016-4987 Vulnerability in maven package com.tupilabs.image_gallery:image-gallery
CVE-2023-6927 Vulnerability in maven package org.keycloak:keycloak-common
CVE-2023-27495 Vulnerability in npm package @fastify/csrf-protection
CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-48219 Vulnerability in maven package org.webjars:tinymce