PT-2019-18130 · WSO2 · WSO2 API Manager

Published: 2019-05-14 · Updated: 2019-05-14 · CVE-2019-6512

CVSS v3.1: 4.1 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager version 2.6.0

Description: An issue in WSO2 API Manager allows an attacker to force the application to send requests to the internal workstation, enabling SSRF port scanning, or to adjacent workstations, enabling SSRF network scanning. It also allows file enumeration because the file:// wrapper is available.

Recommendations: For WSO2 API Manager version 2.6.0, consider restricting access to the file:// wrapper as a temporary workaround until a patch is available. Additionally, restrict the application's ability to perform requests to internal or adjacent workstations to minimize the risk of SSRF exploitation.
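
One way to apply both recommendations in front of any server-side fetch, shown as an added example (not WSO2 code and not part of the original advisory). The function names, the resolver hook and the sample DNS records are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # file:// and every other wrapper is refused

# Constructed sample DNS data so the example runs offline (not real records).
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.example.com": ["10.0.5.20"],
    "mixed.example.com": ["93.184.216.34", "127.0.0.1"],
}

def sample_resolver(host):
    """Hypothetical resolver hook; swap in real DNS resolution in production."""
    return SAMPLE_DNS.get(host, [])

def is_public(addr):
    """True only for globally routable addresses."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:127.0.0.1) before classifying.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_global

def check_outbound_url(url, resolver=sample_resolver):
    """Return (allowed, reason) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # host is a literal IP
    except ValueError:
        addrs = resolver(host)                     # host is a name
    if not addrs:
        return False, "unresolvable host"
    # One loopback, private or link-local record is enough to refuse.
    if not all(is_public(a) for a in addrs):
        return False, "internal or adjacent address"
    return True, "ok"
```

The connection should be made to the address that was checked, and every redirect target should go through the same check, otherwise a second DNS answer or a redirect can bypass it.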

Fix

SSRF


Weakness Enumeration

Related Identifiers

CVE-2019-6512

Affected Products

WSO2 API Manager