Lucene search
K

178 matches found

OSV
OSV
added 2025/05/05 9:31 a.m.7 views

GHSA-H94W-8QHG-3XMC WSO2 API Manager XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...

9.1CVSS6.9AI score0.01146EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/05/05 9:31 a.m.23 views

WSO2 API Manager XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution. This vulnerability can be exploited by ...

9.1CVSS6.9AI score0.01146EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/05/05 9:15 a.m.43 views

CVE-2025-2905

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1CVSS0.01146EPSS
Exploits0References1
OSV
OSV
added 2025/05/05 9:15 a.m.4 views

CVE-2025-2905

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2025/05/05 9:2 a.m.49 views

CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1CVSS0.01146EPSS
Exploits0References1
CVE
CVE
added 2025/05/05 9:2 a.m.182 views

CVE-2025-2905

The CVE-2025-2905 entry describes an XML External Entity (XXE) vulnerability in the WSO2 API Manager gateway component due to insufficient validation of XML input. The issue allows unauthenticated remote attackers to read server filesystem files and perform denial-of-service (DoS) attacks. Affect...

9.1CVSS6.2AI score0.01146EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/05 9:2 a.m.22 views

CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products

Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity XXE resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: Read sensitive files from the...

9.1CVSS6.2AI score0.01146EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.5 views

PT-2025-19376

Name of the Vulnerable Software and Affected Versions WSO2 API Manager versions 2.0.0 and earlier Description An XML External Entity XXE vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed...

9.1CVSS6.6AI score0.01146EPSS
Exploits0References35
RedhatCVE
RedhatCVE
added 2025/02/05 4:22 p.m.8 views

CVE-2020-12719

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...

8.7CVSS6.8AI score0.01034EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:33 p.m.10 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...

9.1CVSS6.8AI score0.0126EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/05 2:32 p.m.12 views

CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...

9.1CVSS7.1AI score0.26939EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/01/17 5:34 p.m.143 views

Exploit for Path Traversal in Wso2 Api_Manager

Exploit CVE-2022-29464 Este repositorio contiene un script pa...

10CVSS9.6AI score0.99999EPSS
Exploits22
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-3690

Name of the Vulnerable Software and Affected Versions WSO2 API Manager affected versions not specified Description The issue allows for unauthenticated account creation, potentially leading to a fully compromised system. It requires the WSDLs of admin services to be enabled first. Recommendations...

4.3CVSS6.4AI score0.0054EPSS
Exploits0References7
Rapid7 Blog
Rapid7 Blog
added 2025/01/10 7:46 p.m.19 views

Metasploit Wrap-Up 01/10/2025

New module content 5 OneDev Unauthenticated Arbitrary File Read Authors: Siebene and vultza Type: Auxiliary Pull request: 19614 contributed by vultza Path: gather/onedevarbitraryfileread AttackerKB reference: CVE-2024-45309 Description: This adds an exploit module for an unauthenticated arbitrary...

8.7CVSS9.7AI score0.24822EPSS
Exploits8
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.4 views

PT-2024-37954 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to bypass authentication on affected installations. Authentication is not required to exploit this issue. The specific flaw exists in an exposed...

9.8CVSS6.3AI score0.00585EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/12/30 12:0 a.m.5 views

PT-2024-38061 · Wso2 · Wso2 Api Manager

Name of the Vulnerable Software and Affected Versions: WSO2 API Manager affected versions not specified Description: The issue allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this issue. The specific flaw exist...

6.8CVSS7.2AI score0.09756EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2024/12/30 12:0 a.m.8 views

WSO2 API Manager Exposed Dangerous Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of WSO2 API Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the user self-registration process. The issue results from the...

8.1CVSS7.2AI score0.00585EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/12/30 12:0 a.m.7 views

WSO2 API Manager SynapseArtifactUploaderAdmin Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of WSO2 API Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the SynapseArtifactUploaderAdmin endpoint, which listens on TCP port 9443 by default. The...

7.2CVSS7.8AI score0.09756EPSS
Exploits0References1
Metasploit
Metasploit
added 2024/12/16 6:55 p.m.667 views

WSO2 API Manager Documentation File Upload Remote Code Execution

A vulnerability in the 'Add API Documentation' feature allows malicious users with specific permissions /permission/admin/login and /permission/admin/manage/api/publish to upload arbitrary files to a user-controlled server location. This flaw could be exploited to execute remote code, enabling an...

5.9AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection XXE attacks...

9.1CVSS7.3AI score0.26939EPSS
Exploits0References1
Rows per page
Query Builder