PT-2020-15752 · WSO2 · API Microgateway+1
Published 2020-08-21 · Updated 2025-01-18 · CVE-2020-24589
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
WSO2 API Manager versions prior to 3.1.0
API Microgateway version 2.2.0
Description
The issue allows XML External Entity (XXE) injection attacks. XXE attacks occur when an application parses XML input that contains malicious external entities, which can lead to sensitive data exposure or other security issues.
Recommendations
For WSO2 API Manager versions prior to 3.1.0, update to version 3.1.0 or later to resolve the issue.
For API Microgateway version 2.2.0, consider disabling XML parsing or restricting external entity references until a patch is available.
Fix
XXE
Affected Products
API Microgateway
WSO2 API Manager