Design/Logic Flaw

2020-04-1720:15:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.8%

JSON

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.

CPENameOperatorVersion
enterprise_integratorle6.6.0

CPE	Name	Operator	Version
	enterprise_integrator	le	6.6.0

References

docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0684