Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728