WSO2 API Manager和WSO2 Identity Server（IS） 安全漏洞

WSO2 API Manager and WSO2 Identity Server are both products of the American company WSO2. WSO2 API Manager is a set of API lifecycle management solutions. WSO2 Identity Server is an identity authentication server. Both WSO2 API Manager and WSO2 Identity Server have security vulnerabilities. These...

WSO2 Identity Server 安全漏洞

WSO2 Identity Server IS is an identity server from the US-based WSO2 Inc. A security vulnerability exists in WSO2 Identity Server IS that stems from improper cryptographic design in adaptive authentication, which could lead to a cross-tenant authentication vulnerability...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.0.0 <=4.11.0), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.0.0 <=4.11.0) +1 more potentially affected by CVE-2018-11047 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.0.0 <=4.5.0)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =4.30.0 Source cves: CVE-2018-11047 Source advisory: OSV:GHSA-R4V8-9HGX-VM6M...

org.cloudfoundry.identity:cloudfoundry-identity-api (>=3.7.0 <=3.9.1), org.cloudfoundry.identity:cloudfoundry-identity-app (>=3.7.0 <=3.9.1) +1 more potentially affected by CVE-2017-4973 via org.cloudfoundry.identity:cloudfoundry-identity-server (>=3.7.0 <=3.9.1)

org.cloudfoundry.identity:cloudfoundry-identity-server MAVEN version =3.7.0, =3.7.0, =3.7.0, =3.7.0, =3.9.1 Source cves: CVE-2017-4973 Source advisory: OSV:GHSA-PGJC-GC7G-P2C6...

CVE-2016-4312

XML external entity XXE vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery SSRF attacks, o...