Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
api manager vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-6512
An issue exists in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
Wso2 Api Manager 2.6.0
5.5
CVSSv2
CVE-2019-6513
An issue exists in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
Wso2 Api Manager 2.6.0
5
CVSSv2
CVE-2019-6515
An issue exists in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
Wso2 Api Manager 2.6.0
4.3
CVSSv2
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password a...
Wso2 Api Manager 3.1.0
3.5
CVSSv2
CVE-2018-20736
An issue exists in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
Wso2 Api Manager 2.6.0
5
CVSSv2
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager (SAPIM) product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file.
Microfocus Secure Api Manager 2.0.0
NA
CVE-2023-50092
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS).
Apiida Api Gateway Manager 2023.02.02
NA
CVE-2023-50093
APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection.
Apiida Api Gateway Manager 2023.02.02
6.8
CVSSv2
CVE-2020-24705
An issue exists in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager up to and including 3.1.0, API Manager Analytics...
Wso2 Identity Server Analytics
Wso2 Identity Server As Key Manager
Wso2 Identity Server
Wso2 Api Manager
Wso2 Api Manager Analytics 2.5.0
Wso2 Iot Server 3.1.0
4.3
CVSSv2
CVE-2020-24706
An issue exists in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager up to and including 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager up to and including 5.10.0, Identity Server up to and including 5.10.0, Identity Server Analytics up ...
Wso2 Identity Server Analytics
Wso2 Identity Server As Key Manager
Wso2 Identity Server
Wso2 Api Manager
Wso2 Api Manager Analytics 2.5.0
Wso2 Iot Server 3.1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »