178 matches found
CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...
Design/Logic Flaw
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24589
CVE-2020-24589 affects WSO2 API Manager up to 3.1.0 and API Microgateway 2.2.0 with XML External Entity (XXE) injection in the Management Console. The vulnerability arises from improper XML parsing, potentially allowing access to server files and interaction with backend systems. In practice, CVE...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Recent assessments: krzysztof-przybylski at August 29, 2020 11:16pm UTC reported: Severity: Critical CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H AFFECTED...
WSO2 API Manager and WSO2 API Microgateway, WSO2 IS as Key Manager Code Issue Vulnerabilities
WSO2 API Manager and so on are the products of WSO2 Corporation in the U.S.A. WSO2 API Manager is a set of API lifecycle management solutions.WSO2 API Microgateway is a cloud-native, scalable API gateway product.WSO2 IS as Key Manager is a key manager. A code issue vulnerability exists in...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Code injection
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Multiple WSO2 product code issue vulnerabilities
WSO2 API Manager and so on are the products of the United States WSO2 company.WSO2 API Manager is a set of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exis...
CVE-2020-12719
CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...
WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...
WSO2 3.1.0 - Arbitrary File Delete Vulnerability
Exploit for java platform in category web applications Title: WSO2 3.1.0 - Arbitrary File Delete Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary Fi...
WSO2 API Manager Carbon Interface 3.0.0 Cross Site Scripting
Document Title: =============== WSO2 API Manager Stored XSS Vulnerability Common Vulnerability Scoring System: ==================================== 5.4 CVE : =================== N/A Security Advisory : =================== https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700...
WSO2 3.1.0 - Arbitrary File Delete
Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assign...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05094)
WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...
WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05078)
WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...