PT-2020-15754 · Wso2 · Wso2 Identity Server Analytics+4
Published: 2020-08-21 · Updated: 2022-04-19
CVE-2020-24591
CVSS v3.1: 6.5 (Medium)
Vector: AC:L/AV:N/A:H/C:H/I:N/PR:H/S:U/UI:N
Name of the Vulnerable Software and Affected Versions
WSO2 API Manager versions prior to 3.0.0
WSO2 API Manager Analytics versions 2.2.0 and 2.5.0
WSO2 API Microgateway version 2.2.0
WSO2 Enterprise Integrator versions 6.2.0 and 6.3.0
WSO2 Identity Server Analytics versions prior to 5.6.0
Description
The issue allows XML External Entity (XXE) attacks during EventReceiver updates in the Management Console of certain WSO2 products.
Recommendations
For WSO2 API Manager versions prior to 3.0.0, update to version 3.0.0 or later.
For WSO2 API Manager Analytics versions 2.2.0 and 2.5.0, update to a version that is not affected by this issue.
For WSO2 API Microgateway version 2.2.0, update to a version that is not affected by this issue.
For WSO2 Enterprise Integrator versions 6.2.0 and 6.3.0, update to a version that is not affected by this issue.
For WSO2 Identity Server Analytics versions prior to 5.6.0, update to version 5.6.0 or later.
Fix
XXE
Affected Products
Wso2 Api Manager
Wso2 Api Manager Analytics
Wso2 Api Microgateway
Wso2 Enterprise Integrator
Wso2 Identity Server Analytics