AttackerKB AKB:0FB8787B-52BA-4246-9DEB-828BAA740F3B
Aug 21, 2020 - 12:00 a.m.

CVE-2020-24590

2020-08-21 00:00:00
attackerkb.com

EPSS: 0.002 (Low)
Percentile: 60.7%

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

Recent assessments:

krzysztof-przybylski at August 29, 2020 11:16pm UTC reported:

Severity: Critical
CVSS Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

AFFECTED PRODUCTS
WSO2 API Manager: 3.1.0 or earlier
WSO2 API Microgateway: 2.2.0

An XML External Entity injection (XXE) often allows an attacker to view files on the server file system and to interact with any backend or external systems that the application itself can access, and allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. An XML Entity Expansion attack might result in a denial-of-service condition, causing the entire application to stop functioning. It is possible to exploit both of the above vulnerabilities without authenticating to the Management Console.

CREDITS
Krzysztof Przybylski

Assessed Attacker Value: 5
Assessed Attacker Value: 4
