Description
The Management Console in certain WSO2 products allows XML External Entity (XXE) attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728
Related Vulnerabilities
CVE-2023-32992 Vulnerability in maven package io.jenkins.plugins:miniorange-saml-sp
CVE-2018-1000176 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2020-16023 Vulnerability in maven package org.webjars.npm:electron
CVE-2018-8014 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-management