PT-2020-13748 · Wso2 · Wso2 Is+2

Published

2020-06-06

Updated

2020-06-10

CVE-2020-13883

CVSS v3.1

6.7

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Name of the Vulnerable Software and Affected Versions WSO2 API Manager versions 3.0.0 and earlier WSO2 API Microgateway version 2.2.0 WSO2 IS as Key Manager versions 5.9.0 and earlier

Description The issue allows XXE (XML External Entity) attacks during the addition or update of a Lifecycle in the Management Console.

Recommendations For WSO2 API Manager versions 3.0.0 and earlier, update to a version that includes the fix for this issue. For WSO2 API Microgateway version 2.2.0, update to a version that includes the fix for this issue. For WSO2 IS as Key Manager versions 5.9.0 and earlier, update to a version that includes the fix for this issue.

Fix

XXE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-611

Related Identifiers

CVE-2020-13883

Affected Products

Wso2 Api Manager

Wso2 Api Microgateway

Wso2 Is

PT-2020-13748 · Wso2 · Wso2 Is+2

CVE-2020-13883

Weakness Enumeration

Related Identifiers

Affected Products

References · 3