Lucene search
K

178 matches found

ATTACKERKB
ATTACKERKB
added 2020/08/21 8:15 p.m.5 views

CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...

9.1CVSS5.3AI score0.26939EPSS
Exploits0References3
Prion
Prion
added 2020/08/21 8:15 p.m.21 views

Design/Logic Flaw

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...

6.4CVSS9.1AI score0.0126EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/08/21 7:6 p.m.94 views

CVE-2020-24589

CVE-2020-24589 affects WSO2 API Manager up to 3.1.0 and API Microgateway 2.2.0 with XML External Entity (XXE) injection in the Management Console. The vulnerability arises from improper XML parsing, potentially allowing access to server files and interaction with backend systems. In practice, CVE...

9.1CVSS9.3AI score0.26939EPSS
In wildExploits0References1Affected Software2
Cvelist
Cvelist
added 2020/08/21 7:5 p.m.29 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...

9.1CVSS9.3AI score0.0126EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2020/08/21 12:0 a.m.32 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Recent assessments: krzysztof-przybylski at August 29, 2020 11:16pm UTC reported: Severity: Critical CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H AFFECTED...

9.1CVSS1.8AI score0.0126EPSS
Exploits0References2
CNVD
CNVD
added 2020/06/08 12:0 a.m.3 views

WSO2 API Manager and WSO2 API Microgateway, WSO2 IS as Key Manager Code Issue Vulnerabilities

WSO2 API Manager and so on are the products of WSO2 Corporation in the U.S.A. WSO2 API Manager is a set of API lifecycle management solutions.WSO2 API Microgateway is a cloud-native, scalable API gateway product.WSO2 IS as Key Manager is a key manager. A code issue vulnerability exists in...

6.7CVSS7.1AI score0.008EPSS
Exploits0References1
NVD
NVD
added 2020/06/06 7:15 p.m.19 views

CVE-2020-13883

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...

6.7CVSS5.9AI score0.008EPSS
Exploits0References1
OSV
OSV
added 2020/06/06 7:15 p.m.23 views

CVE-2020-13883

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...

6.7CVSS6.9AI score
Exploits0References1
OSV
OSV
added 2020/05/20 12:15 p.m.15 views

CVE-2020-13226

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...

9.8CVSS6.8AI score
Exploits0References4
Cvelist
Cvelist
added 2020/05/20 11:42 a.m.27 views

CVE-2020-13226

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet...

9.5AI score0.02088EPSS
Exploits0References4
OSV
OSV
added 2020/05/08 12:15 a.m.20 views

CVE-2020-12719

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

7.2CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2020/05/08 12:15 a.m.20 views

Code injection

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

6.5CVSS7AI score0.01034EPSS
Exploits0References1Affected Software7
CNVD
CNVD
added 2020/05/08 12:0 a.m.16 views

Multiple WSO2 product code issue vulnerabilities

WSO2 API Manager and so on are the products of the United States WSO2 company.WSO2 API Manager is a set of API lifecycle management solutions.WSO2 Identity Server IS is an identity server.WSO2 Enterprise Integrator is a set of open source hybrid integration platform. A security vulnerability exis...

8.7CVSS6.7AI score0.01034EPSS
Exploits0References1
CVE
CVE
added 2020/05/07 11:40 p.m.99 views

CVE-2020-12719

CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...

8.7CVSS6.9AI score0.01034EPSS
Exploits0References1Affected Software7
0day.today
0day.today
added 2020/04/14 12:0 a.m.24 views

WSO2 3.1.0 - Persistent Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory:...

7.4AI score
Exploits0
0day.today
0day.today
added 2020/04/13 12:0 a.m.20 views

WSO2 3.1.0 - Arbitrary File Delete Vulnerability

Exploit for java platform in category web applications Title: WSO2 3.1.0 - Arbitrary File Delete Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary Fi...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2020/04/13 12:0 a.m.185 views

WSO2 API Manager Carbon Interface 3.0.0 Cross Site Scripting

Document Title: =============== WSO2 API Manager Stored XSS Vulnerability Common Vulnerability Scoring System: ==================================== 5.4 CVE : =================== N/A Security Advisory : =================== https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700...

Exploits0
Exploit DB
Exploit DB
added 2020/04/13 12:0 a.m.146 views

WSO2 3.1.0 - Arbitrary File Delete

Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assign...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/02/11 12:0 a.m.5 views

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05094)

WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...

4.8CVSS6.4AI score0.008EPSS
Exploits1References1
CNVD
CNVD
added 2020/02/11 12:0 a.m.3 views

WSO2 API Manager Cross-Site Scripting Vulnerability (CNVD-2020-05078)

WSO2 API Manager is an open source api management platform , provides a series of api creation , release , lifecycle management , version control , monetization, governance and security features , used to support organizations to achieve soa. A cross-site scripting vulnerability exists in WSO2 AP...

4.8CVSS6.4AI score0.00729EPSS
Exploits1References1
Rows per page
Query Builder