CVE-2020-11885

Name of the Vulnerable Software and Affected Versions WSO2 Enterprise Integrator versions prior to 6.6.0

Description The issue allows a user with admin console access to exploit an XXE vulnerability using the XML validator. This can lead to unintended network invocations, such as Server-Side Request Forgery (SSRF), via an uploaded file. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For versions prior to 6.6.0, update to version 6.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the XML validator feature to minimize the risk of exploitation.