PT-2022-2550 · WSO2 · WSO2 Enterprise Integrator +8

Published: 2022-04-01 · Updated: 2023-11-03 · CVE-2022-29548

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WSO2 API Manager versions 2.2.0 through 4.0.0
WSO2 API Manager Analytics versions 2.2.0 through 2.6.0
WSO2 API Microgateway version 2.2.0
WSO2 Data Analytics Server version 3.2.0
WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0
WSO2 IS as Key Manager versions 5.5.0 through 5.10.0
WSO2 Identity Server versions 5.5.0 through 5.11.0
WSO2 Identity Server Analytics versions 5.5.0 through 5.6.0
WSO2 Micro Integrator version 1.0.0

Description

A reflected XSS issue exists in the Management Console of several WSO2 products. The issue is caused by a failure to preserve the structure of the web page, which may allow a remote attacker to perform cross-site scripting attacks.

Recommendations

For each of the following products, update to a version that includes the fix for this issue:

WSO2 API Manager versions 2.2.0 through 4.0.0
WSO2 API Manager Analytics versions 2.2.0 through 2.6.0
WSO2 API Microgateway version 2.2.0
WSO2 Data Analytics Server version 3.2.0
WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0
WSO2 IS as Key Manager versions 5.5.0 through 5.10.0
WSO2 Identity Server versions 5.5.0 through 5.11.0
WSO2 Identity Server Analytics versions 5.5.0 through 5.6.0
WSO2 Micro Integrator version 1.0.0

As a temporary workaround, consider disabling access to the Management Console until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2022-02973
CVE-2022-29548

Affected Products

WSO2 API Manager
WSO2 API Manager Analytics
WSO2 API Microgateway
WSO2 Data Analytics Server
WSO2 Enterprise Integrator
WSO2 IS as Key Manager
WSO2 Identity Server
WSO2 Identity Server Analytics
WSO2 Micro Integrator