6 matches found

added 2019/08/16 4:15 a.m. | 130 views

CVE-2019-15108

An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.

CVSS 4.8 | AI score 4.7 | EPSS 0.0031
added 2019/05/14 3:29 p.m. | 51 views

CVE-2019-6515

An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.

CVSS 5.3 | AI score 5.3 | EPSS 0.0072
added 2019/05/21 10:29 p.m. | 38 views

CVE-2019-6513

An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.

CVSS 5.5 | AI score 5.4 | EPSS 0.00326
added 2019/05/14 3:29 p.m. | 35 views

CVE-2019-6512

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.

CVSS 4.1 | AI score 4.4 | EPSS 0.00224
added 2019/03/21 4:0 p.m. | 30 views

CVE-2018-20737

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.

CVSS 5.4 | AI score 5.2 | EPSS 0.00324
added 2019/03/21 4:0 p.m. | 18 views

CVE-2018-20736

An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.

CVSS 5.4 | AI score 5.2 | EPSS 0.00318