33 matches found
CVE-2020-24589
CVE-2020-24589 affects WSO2 API Manager up to 3.1.0 and API Microgateway 2.2.0 with XML External Entity (XXE) injection in the Management Console. The vulnerability arises from improper XML parsing, potentially allowing access to server files and interaction with backend systems. In practice, CVE...
CVE-2020-24591
The CVE concerns an XML External Entity (XXE) vulnerability in the Management Console of several WSO2 products during EventReceiver updates. Affected are API Manager up to 3.0.0; API Manager Analytics 2.2.0 and 2.5.0; API Microgateway 2.2.0; Enterprise Integrator 6.2.0 and 6.3.0; and Identity Ser...
CVE-2020-24591
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0...
CVE-2020-24590
The CVE-2020-24590 entry affects the WSO2 API Manager Management Console (versions up to 3.1.0) and API Microgateway (2.2.0). It stems from XML Entity Expansion/XEE in the XML processing path, enabling attackers to cause denial of service or crash the system, with examples indicating unauthentica...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks...
CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Recent assessments: krzysztof-przybylski at August 29, 2020 11:16pm UTC reported: Severity: Critical CVSS Score: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H AFFECTED...
PT-2020-15752 · Wso2 · Api Microgateway +1
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions prior to 3.1.0 API Microgateway version 2.2.0 Description: The issue allows XML External Entity injection XXE attacks. XXE attacks occur when an application parses XML input that contains malicious external entities,...
WSO2 API Manager and WSO2 API Microgateway, WSO2 IS as Key Manager Code Issue Vulnerabilities
WSO2 API Manager and so on are the products of WSO2 Corporation in the U.S.A. WSO2 API Manager is a set of API lifecycle management solutions.WSO2 API Microgateway is a cloud-native, scalable API gateway product.WSO2 IS as Key Manager is a key manager. A code issue vulnerability exists in...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle...
CVE-2020-12719
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
Code injection
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity...
CVE-2020-12719
CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...