353 matches found
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
WSO2 API Manager Code Issue Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A code issue vulnerability exists in WSO2 API Manager version 3.0.0, which stems from the program's failure to properly restrict network access to Publisher nodes, and can be exploited by attackers to obtain sensiti...
CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
Code injection
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
CVE-2020-13226
CVE-2020-13226: WSO2 API Manager 3.0.0 contains an SSRF vulnerability where outbound network access from a Publisher node is not properly restricted, allowing access to the intranet. The NVD entry notes a high base score (CVSSv3.1: 9.8, CRITICAL) with network access, low attack complexity, and no ...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Code injection
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Multiple WSO2 product code issue vulnerabilities
WSO2 API Manager and the other affected products are made by the US company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server (IS) is an identity server. WSO2 Enterprise Integrator is an open source hybrid integration platform. A security vulnerability exis...
CVE-2020-12719
CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...
WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for Java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...
WSO2 3.1.0 - Persistent Cross-Site Scripting
Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Date: 2020-04-13 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700 Technical Details &...
WSO2 3.1.0 - Arbitrary File Delete Vulnerability
Exploit for Java platform in category web applications Title: WSO2 3.1.0 - Arbitrary File Delete Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: WSO2 API Manager Delete Extension Arbitrary Fi...
WSO2 3.1.0 - Arbitrary File Delete
Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Software link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: WSO2 API Manager Delete Extension Arbitrary File Delete Path traversal CVE not assign...
WSO2 API Manager Carbon Interface 3.0.0 Cross Site Scripting
Document Title: WSO2 API Manager Stored XSS Vulnerability. Common Vulnerability Scoring System: 5.4. CVE: N/A. Security Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05091)
WSO2 API Manager is an open source API management platform that provides API creation, release, lifecycle management, version control, monetization, governance and security features, used to support organizations in achieving SOA. A cross-site scripting vulnerability exists in WSO2 AP...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05078)
WSO2 API Manager is an open source API management platform that provides API creation, release, lifecycle management, version control, monetization, governance and security features, used to support organizations in achieving SOA. A cross-site scripting vulnerability exists in WSO2 AP...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05094)
WSO2 API Manager is an open source API management platform that provides API creation, release, lifecycle management, version control, monetization, governance and security features, used to support organizations in achieving SOA. A cross-site scripting vulnerability exists in WSO2 AP...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05092)
WSO2 API Manager is an open source API management platform that provides API creation, release, lifecycle management, version control, monetization, governance and security features, used to support organizations in achieving SOA. A cross-site scripting vulnerability exists in WSO2 AP...