Lucene search

Ed10eef1-636d-4fbe-9993-6890dfa878f8CVE-2023-6836

HistoryDec 15, 2023 - 10:15 a.m.

CVE-2023-6836

2023-12-1510:15:09

CWE-611

ed10eef1-636d-4fbe-9993-6890dfa878f8

web.nvd.nist.gov

wso2

xml external entity

cve-2023-6836

nvd

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.5%

JSON

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

CPENameOperatorVersion
wso2:api_managerwso2 api managerle3.0.0
wso2:api_managerwso2 api managereq1.9.0
wso2:api_managerwso2 api managereq1.5.0
wso2:api_managerwso2 api managereq1.3.1
wso2:api_managerwso2 api managereq2.5.0
wso2:api_managerwso2 api managereq2.0.0
wso2:api_managerwso2 api managereq1.8.0
wso2:api_managerwso2 api managereq1.10.0
wso2:api_managerwso2 api managereq3.0.0
wso2:api_managerwso2 api managereq-

CPE	Name	Operator	Version
wso2:api_manager	wso2 api manager	le	3.0.0
wso2:api_manager	wso2 api manager	eq	1.9.0
wso2:api_manager	wso2 api manager	eq	1.5.0
wso2:api_manager	wso2 api manager	eq	1.3.1
wso2:api_manager	wso2 api manager	eq	2.5.0
wso2:api_manager	wso2 api manager	eq	2.0.0
wso2:api_manager	wso2 api manager	eq	1.8.0
wso2:api_manager	wso2 api manager	eq	1.10.0
wso2:api_manager	wso2 api manager	eq	3.0.0
wso2:api_manager	wso2 api manager	eq	-

Rows per page:

1-10 of 211

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

36.5%

JSON

Related for CVE-2023-6836