Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wso2 api manager vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
Wso2 Api Manager 3.0.0
312
VMScore
CVE-2019-20435
An issue exists in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter.
Wso2 Api Manager 2.6.0
383
VMScore
CVE-2020-27885
Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password a...
Wso2 Api Manager 3.1.0
312
VMScore
CVE-2018-20737
An issue exists in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
Wso2 Identity Server 5.7.0
Wso2 Api Manager 2.6.0
Wso2 Identity Server As Key Manager 5.7.0
383
VMScore
CVE-2019-20436
An issue exists in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect wh...
Wso2 Api Manager 2.6.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
383
VMScore
CVE-2019-20437
An issue exists in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect...
Wso2 Api Manager 2.6.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
312
VMScore
CVE-2019-20442
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
312
VMScore
CVE-2019-20443
An issue exists in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI.
Wso2 Api Manager 2.6.0
Wso2 Enterprise Integrator 6.5.0
Wso2 Identity Server 5.7.0
Wso2 Identity Server 5.8.0
1 Github repository
NA
CVE-2023-6837
Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for federated authentication and JIT provis...
Wso2 Api Manager
Wso2 Identity Server
Wso2 Identity Server As Key Manager
Wso2 Carbon Identity Application Authentication Endpoint
Wso2 Carbon Identity Application Authentication Framework
899
VMScore
CVE-2022-29464
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/ser...
Wso2 Identity Server Analytics 5.5.0
Wso2 Identity Server Analytics 5.4.1
Wso2 Identity Server Analytics 5.6.0
Wso2 Identity Server Analytics 5.4.0
Wso2 Api Manager
Wso2 Identity Server
Wso2 Enterprise Integrator
Wso2 Identity Server As Key Manager
31 Github repositories
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-40673
CVE-2024-36674
CVE-2024-27348
unspecified
CVE-2024-24919
CVE-2024-4870
malicious code
CVE-2024-2019
hard-coded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »