The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager up to and including 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics up to and including 5.6.0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wso2 api manager |
||
wso2 api manager analytics 2.2.0 |
||
wso2 api manager analytics 2.5.0 |
||
wso2 api microgateway 2.2.0 |
||
wso2 enterprise integrator 6.2.0 |
||
wso2 enterprise integrator 6.3.0 |
||
wso2 identity server analytics |