353 matches found
CVE-2020-24705
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...
CVE-2020-24703
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....
Cross site scripting
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0...
Cross site scripting
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...
Cross site request forgery (csrf)
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....
Design/Logic Flaw
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...
PT-2020-15817 · Wso2 · Wso2 Identity Server Analytics +5
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions through 3.1.0 WSO2 API Manager Analytics version 2.5.0 WSO2 IS as Key Manager versions through 5.10.0 WSO2 Identity Server versions through 5.10.0 WSO2 Identity Server Analytics versions through 5.6.0 WSO2 IoT Server...
PT-2020-15815 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 WSO2 API Manager Analytics versions 2.2.0 WSO2 API Microgateway versions 2.2.0 WSO2 Data Analytics Server versions 3.2.0 WSO2 Enterprise Integrator versions through 6.6.0 WSO2 IS as Key Manager versions 5.5.0...
PT-2020-15814 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 WSO2 API Manager Analytics versions 2.2.0 WSO2 API Microgateway versions 2.2.0 WSO2 Data Analytics Server versions 3.2.0 WSO2 Enterprise Integrator versions through 6.6.0 WSO2 IS as Key Manager versions 5.5.0...
PT-2020-15816 · Wso2 · Wso2 Identity Server Analytics +5
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions through 3.1.0 WSO2 API Manager Analytics version 2.5.0 WSO2 IS as Key Manager versions through 5.10.0 WSO2 Identity Server versions through 5.10.0 WSO2 Identity Server Analytics versions through 5.6.0 WSO2 IoT Server...
CVE-2020-24705
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key...
CVE-2020-24705
CVE-2020-24705 describes a session hijacking vulnerability in several WSO2 products where a valid Carbon Management Console session cookie can be sent to an attacker-controlled server after a crafted Try It request. Affected are WSO2 API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS ...
CVE-2020-24706
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0...
CVE-2020-24703
CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...
CVE-2020-24706
WSO2 advisory CVE-2020-24706 affects API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS as Key Manager (through 5.10.0), Identity Server (through 5.10.0), Identity Server Analytics (through 5.6.0), and IoT Server (3.1.0). Root cause: Try It tool allows Reflected XSS. Impact: potential...
CVE-2020-24704
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...
CVE-2020-24704
CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24591
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...