Lucene search
Veracode Vulnerability DatabaseVERACODE:35499HistoryMay 12, 2022 - 12:47 p.m.
XML External Entity (XXE) Injection
2022-05-1212:47:17
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
33
0.03 Low
EPSS
Percentile
91.0%
WSO2 Identity Application Management Component is vulnerable to XML external entity attacks. The vulnerability exists in unmarshalSP function in ApplicationManagementServiceImpl.java because the SP file content is not parsed securely during unmarshalling which allows an attacker to gain access to sensitive information and perform unauthorized actions.
References
packetstormsecurity.com/files/167465/WSO2-Management-Console-XML-Injection.html
seclists.org/fulldisclosure/2022/Jun/7
docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1289
github.com/advisories/GHSA-rjgm-f3mv-p89p
github.com/wso2/carbon-identity-framework/commit/e9119883ee02a884f3c76c7bbc4022a4f4c58fc0
github.com/wso2/carbon-identity-framework/pull/3472
Related
cvelist
cvelist
CVE-2021-42646
2022-05-11 00:00:00
nvd
nvd
CVE-2021-42646
2022-05-11 18:15:23
prion
prion
Xxe
2022-05-11 18:15:00
osv
osv
CVE-2021-42646
2022-05-11 18:15:23
cve
cve
CVE-2021-42646
2022-05-11 18:15:23