Api Manager@* Security Vulnerabilities and Issues — Api Manager@* CVE List

Lucene search

Wso2Api Manager*

8 matches found

CVE•added 2020/06/06 7:15 p.m.•88 views

CVE-2020-13883

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

6.7CVSS6.5AI score0.00279EPSS

CVE•added 2020/05/08 12:15 a.m.•79 views

CVE-2020-12719

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity S...

8.7CVSS6.9AI score0.00403EPSS

CVE•added 2020/08/21 8:15 p.m.•75 views

CVE-2020-24589

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

9.1CVSS9.3AI score0.89204EPSS

CVE•added 2020/08/21 8:15 p.m.•75 views

CVE-2020-24590

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

9.1CVSS9.2AI score0.00562EPSS

CVE•added 2020/08/21 8:15 p.m.•55 views

CVE-2020-24591

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

6.5CVSS6.4AI score0.00403EPSS

CVE•added 2020/10/21 10:15 p.m.•41 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box appear...

6.1CVSS5.9AI score0.0042EPSS

CVE•added 2020/08/27 4:15 p.m.•38 views

CVE-2020-24705

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manag...

8.8CVSS8.4AI score0.00397EPSS

CVE•added 2020/08/27 4:15 p.m.•34 views

CVE-2020-24706

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

6.1CVSS6.2AI score0.00603EPSS