Description
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
Remediation
References
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728