PT-2020-13227 · Wso2 · Wso2 Identity Server Analytics+6
Published
2020-05-07
·
Updated
2020-05-14
·
CVE-2020-12719
CVSS v3.1
8.7
High
| Vector | AC:L/AV:N/A:H/C:H/I:N/PR:H/S:C/UI:N |
Name of the Vulnerable Software and Affected Versions
WSO2 API Manager versions 3.0.0 and earlier
WSO2 API Manager Analytics versions 2.5.0 and earlier
WSO2 API Microgateway version 2.2.0
WSO2 Enterprise Integrator versions 6.4.0 and earlier
WSO2 IS as Key Manager versions 5.9.0 and earlier
WSO2 Identity Server versions 5.9.0 and earlier
WSO2 Identity Server Analytics versions 5.6.0 and earlier
Description
The issue occurs due to an XXE during an EventPublisher update in the Management Console. This affects various WSO2 products.
Recommendations
For WSO2 API Manager versions 3.0.0 and earlier, update to a version that contains a fix for this issue.
For WSO2 API Manager Analytics versions 2.5.0 and earlier, update to a version that contains a fix for this issue.
For WSO2 API Microgateway version 2.2.0, update to a version that contains a fix for this issue.
For WSO2 Enterprise Integrator versions 6.4.0 and earlier, update to a version that contains a fix for this issue.
For WSO2 IS as Key Manager versions 5.9.0 and earlier, update to a version that contains a fix for this issue.
For WSO2 Identity Server versions 5.9.0 and earlier, update to a version that contains a fix for this issue.
For WSO2 Identity Server Analytics versions 5.6.0 and earlier, update to a version that contains a fix for this issue.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wso2 Api Manager
Wso2 Api Manager Analytics
Wso2 Api Microgateway
Wso2 Enterprise Integrator
Wso2 Is As Key Manager
Wso2 Identity Server
Wso2 Identity Server Analytics