353 matches found
CVE-2019-20437
An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as t...
CVE-2020-24591
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...
CVE-2020-24705
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...
WSO2 Multiple Products Security Vulnerability
WSO2 Open Banking AM and others are products of WSO2, Inc. of the U.S.A. WSO2 Open Banking AM is an Open Banking Accelerator. WSO2 Open Banking IAM is an identity and access management solution for the Open Banking (OB) space. WSO2 Traffic Manager is a component for regulating and managi...
CVE-2025-11093
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access ...
EUVD-2025-37932
An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access ...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager and other products are products of WSO2 Corporation, USA. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exists in...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager is an API lifecycle management solution, WSO2 Identity Server IS is an identity server, and WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of output encoding on the authentication endpoint, which could le...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager and other products are products of WSO2 Corporation, USA. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exists i...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager and others are products of WSO2, Inc. of the U.S. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity server. WSO2 Open Banking IAM is an identity and access management solution for the Open Banking domain. WSO2 Open Banking IAM is an...
PT-2025-45148
Name of the Vulnerable Software and Affected Versions: WSO2 Micro Integrator (affected versions not specified); WSO2 Enterprise Integrator (affected versions not specified); WSO2 API Manager (affected versions not specified). Description: An arbitrary code execution issue exists due to insufficient...
WSO2 API Manager Security Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from US-based WSO2. A security vulnerability exists in WSO2 API Manager that stems from the Try-It feature not properly validating user-supplied URLs, which could lead to server-side request forgery and reflective cross-site...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager and other products are products of WSO2 Corporation, USA. WSO2 API Manager is an API lifecycle management solution. WSO2 Identity Server (IS) is an identity server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exists in several WSO...
CVE-2025-9152
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges,...
CVE-2025-9152
CVE-2025-9152 affects WSO2 API Manager (and API Control Plane) via the keymanager-operations Dynamic Client Registration endpoint. The root cause is missing authentication and authorization checks, causing improper privilege management. An attacker could generate access tokens with elevated privi...
PT-2025-42462
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager (affected versions not specified). Description: A flaw exists due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. This can allow a malicious user to generat...
WSO2 Multiple Products Security Vulnerability
WSO2 API Manager is an API lifecycle management solution, WSO2 API Manager Analytics is an analytics component, and WSO2 API Control Plane is a control panel. A security vulnerability exists in a number of WSO2 products. The vulnerability stems from insufficient enforcement of permissions in the...
EUVD-2020-5007
Malware in sbrugna...