Lucene search
K
Wso2Api Manager Analytics

11 matches found

CVE
CVE
added 2022/04/21 12:0 a.m.749 views

CVE-2022-29548

CVE-2022-29548 is a reflected Cross-Site Scripting (XSS) vulnerability in the WSO2 Management Console affecting API Manager and related products (e.g., API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0–3.2.0, 4.0.0; API Manager Analytics; API Microgateway; Data Analytics Server; Enterprise Integrator; IS as...

6.1CVSS5.8AI score0.40481EPSS
Web
CVE
CVE
added 2020/05/07 11:40 p.m.98 views

CVE-2020-12719

CVE-2020-12719 describes an XXE condition that can occur during an EventPublisher update in the Management Console of several WSO2 products. Affected products and versions include WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integ...

8.7CVSS6.9AI score0.01034EPSS
CVE
CVE
added 2021/04/05 12:0 a.m.94 views

CVE-2020-17453

WSO2 Carbon Management Console

6.1CVSS5.9AI score0.26118EPSS
In wildWeb
CVE
CVE
added 2020/08/21 7:5 p.m.75 views

CVE-2020-24591

The CVE concerns an XML External Entity (XXE) vulnerability in the Management Console of several WSO2 products during EventReceiver updates. Affected are API Manager up to 3.0.0; API Manager Analytics 2.2.0 and 2.5.0; API Microgateway 2.2.0; Enterprise Integrator 6.2.0 and 6.3.0; and Identity Ser...

6.5CVSS6.4AI score0.01033EPSS
CVE
CVE
added 2023/12/18 8:32 a.m.71 views

CVE-2023-6911

CVE-2023-6911 affects WSO2 products, with the root cause described as improper output encoding in the Registry feature of the Management Console, enabling a Stored Cross Site Scripting (XSS) payload injection. The issue is documented across multiple sources (including Red Hat, Veracode, GHSA/osv ...

4.8CVSS5AI score0.00406EPSS
CVE
CVE
added 2023/12/15 9:26 a.m.63 views

CVE-2023-6836

CVE-2023-6836 refers to an XML External Entity (XXE) vulnerability affecting multiple WSO2 products (notably WSO2 API Manager). The underlying issue is an XML parser feature that can be abused to access sensitive information. The CVSS data in the initial document shows a high impact with network ...

7.5CVSS7.6AI score0.00482EPSS
CVE
CVE
added 2020/08/27 12:0 a.m.56 views

CVE-2020-24705

CVE-2020-24705 describes a session hijacking vulnerability in several WSO2 products where a valid Carbon Management Console session cookie can be sent to an attacker-controlled server after a crafted Try It request. Affected are WSO2 API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS ...

8.8CVSS8.4AI score0.0105EPSS
CVE
CVE
added 2020/08/27 12:0 a.m.55 views

CVE-2020-24703

CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...

8.8CVSS8.4AI score0.0105EPSS
CVE
CVE
added 2020/08/27 12:0 a.m.52 views

CVE-2020-24704

CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...

6.1CVSS6.2AI score0.00722EPSS
CVE
CVE
added 2020/08/27 12:0 a.m.52 views

CVE-2020-24706

WSO2 advisory CVE-2020-24706 affects API Manager (through 3.1.0), API Manager Analytics (2.5.0), IS as Key Manager (through 5.10.0), Identity Server (through 5.10.0), Identity Server Analytics (through 5.6.0), and IoT Server (3.1.0). Root cause: Try It tool allows Reflected XSS. Impact: potential...

6.1CVSS6.2AI score0.0079EPSS
CVE
CVE
added 2025/10/16 12:33 p.m.22 views

CVE-2025-9804

The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...

9.6CVSS6.5AI score0.00509EPSS