CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service

🗓️ 16 Apr 2026 08:12:58Reported by WSO2Type

XML External Entity Injection in multiple WSO2 products allows reading files and DoS via external entities.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2024-2374	16 Apr 202608:12	–	attackerkb
Circl	CVE-2024-2374	16 Apr 202610:08	–	circl
CNNVD	WSO2 Identity Server和WSO2 API Manager Developer Portal 安全漏洞	16 Apr 202600:00	–	cnnvd
CVE	CVE-2024-2374	16 Apr 202608:12	–	cve
EUVD	EUVD-2024-27327	16 Apr 202609:31	–	euvd
NVD	CVE-2024-2374	16 Apr 202609:16	–	nvd
Positive Technologies	PT-2026-33283	16 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2024-2374	5 Jun 202618:48	–	redhatcve
Vulnrichment	CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service	16 Apr 202608:12	–	vulnrichment

[
  {
    "vendor": "WSO2",
    "product": "WSO2 API Manager",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "3.1.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.1.0",
        "lessThan": "3.1.0.278",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.2.0",
        "lessThan": "3.2.0.368",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.0.280",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.0.206",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.2.0",
        "lessThan": "4.2.0.144",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.3.0",
        "lessThan": "4.3.0.57",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "WSO2",
    "product": "WSO2 Identity Server",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "5.10.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.10.0",
        "lessThan": "5.10.0.300",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.11.0",
        "lessThan": "5.11.0.329",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.0.0",
        "lessThan": "6.0.0.179",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "6.1.0",
        "lessThan": "6.1.0.136",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "WSO2",
    "product": "WSO2 Open Banking AM",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "2.0.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "2.0.0",
        "lessThan": "2.0.0.328",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "WSO2",
    "product": "WSO2 Open Banking IAM",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "2.0.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "2.0.0",
        "lessThan": "2.0.0.348",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "WSO2",
    "product": "WSO2 Identity Server as Key Manager",
    "versions": [
      {
        "status": "unknown",
        "version": "0",
        "lessThan": "5.10.0",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.10.0",
        "lessThan": "5.10.0.296",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
security	www.security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3255/

16 Apr 2026 08:12Current

CVSS 3.17.5

EPSS0.00377

CWE-611