178 matches found
GHSA-H94W-8QHG-3XMC WSO2 API Manager XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...
WSO2 API Manager XML External Entity (XXE) vulnerability
An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...
CVE-2025-2905
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
CVE-2025-2905
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
CVE-2025-2905
The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...
CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products
Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...
PT-2025-19376
Name of the Vulnerable Software and Affected Versions WSO2 API Manager versions 2.0.0 and earlier Description An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...
Exploit for Path Traversal in Wso2 Api_Manager
Exploit CVE-2022-29464 Este repositorio contiene un script pa...
PT-2025-3690
Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description The issue allows for unauthenticated account creation, potentially leading to a fully compromised system. It requires the WSDLs of admin services to be enabled first. Recommendations...
Metasploit Wrap-Up 01/10/2025
New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...
PT-2024-37954 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to bypass authentication on affected installations. Authentication is not required to exploit this issue. The specific flaw exists in an exposed...
PT-2024-38061 · Wso2 · Wso2 Api Manager
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this issue. The specific flaw exist...
WSO2 API Manager Exposed Dangerous Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the user self-registration process. The issue results from the...
WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SynapseArtifactUploaderAdmin endpoint, which listens on TCP port 9443 by default. The...
WSO2 API Manager Documentation File Upload Remote Code Execution
A vulnerability in the 'Add API Documentation' feature allows malicious users with specific permissions /permission/admin/login and /permission/admin/manage/api/publish to upload arbitrary files to a user-controlled server location. This flaw could be exploited to execute remote code, enabling an...
VulnCheck KEV: CVE-2020-24589
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...