wso2 api manager 4.0.0 vulnerabilities and exploits

(subscribe to this query)

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.

Wso2 Api Manager 3.0.0 Wso2 Api Manager 3.1.0 Wso2 Api Manager 4.0.0 Wso2 Api Manager 3.2.0

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10...

Wso2 Api Manager 2.6.0 Wso2 Identity Server 5.7.0 Wso2 Identity Server As Key Manager 5.7.0 Wso2 Identity Server 5.8.0 Wso2 Api Manager 3.0.0 Wso2 Api Manager 3.1.0 Wso2 Identity Server As Key Manager 5.9.0 Wso2 Identity Server As Key Manager 5.10.0 Wso2 Identity Server 5.11.0 Wso2 Api Manager 4.0.0 Wso2 Api Manager 3.2.0 Wso2 Identity Server 5.9.0 Wso2 Identity Server 5.10.0

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provis...

Wso2 Api Manager 2.6.0 Wso2 Api Manager 3.0.0 Wso2 Api Manager 3.1.0 Wso2 Api Manager 4.0.0 Wso2 Api Manager 3.2.0 Wso2 Api Manager 2.5.0 Wso2 Identity Server 5.7.0 Wso2 Identity Server 5.8.0 Wso2 Identity Server 5.11.0 Wso2 Identity Server 5.9.0 Wso2 Identity Server 5.10.0 Wso2 Identity Server 5.6.0 Wso2 Identity Server As Key Manager 5.7.0 Wso2 Identity Server As Key Manager 5.6.0 Wso2 Identity Server As Key Manager 5.9.0 Wso2 Identity Server As Key Manager 5.10.0

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator...

1 Github repository

In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the J...

Wso2 Api Manager 3.0.0 Wso2 Api Manager 3.1.0 Wso2 Api Manager 3.2.0 Wso2 Api Manager 4.0.0 Wso2 Identity Server 5.7.0 Wso2 Identity Server 5.8.0 Wso2 Identity Server 5.9.0 Wso2 Identity Server 5.10.0 Wso2 Identity Server 5.11.0 Wso2 Identity Server As Key Manager 5.3.0 Wso2 Identity Server As Key Manager 5.5.0 Wso2 Identity Server As Key Manager 5.6.0 Wso2 Identity Server As Key Manager 5.7.0 Wso2 Identity Server As Key Manager 5.9.0 Wso2 Identity Server As Key Manager 5.10.0 Wso2 Iot Server 3.3.1

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/ser...

Wso2 Identity Server Analytics 5.5.0 Wso2 Identity Server Analytics 5.4.1 Wso2 Identity Server Analytics 5.6.0 Wso2 Identity Server Analytics 5.4.0 Wso2 Api Manager Wso2 Identity Server Wso2 Enterprise Integrator Wso2 Identity Server As Key Manager

31 Github repositories

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook