Published: 21/08/2020 Updated: 21/07/2021

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

The Management Console in WSO2 API Manager up to and including 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wso2 api manager
wso2 api microgateway 2.2.0

CLI Tool to extract the related WSO2 Security Advisory information of CVE

WSO2 CVE Extractor A command line tool to extract (scrape) CVE information from NVD and related WSO2 Security Advisory information Build, Install & Run Build & Install Clone or download the repo and execute the following command (from the root directory) to install relevant dependencies npm install Run You can run the too

CWE-611 https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 https://nvd.nist.gov https://github.com/athiththan11/WSO2-CVE-Extractor

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-24589

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect