Описание
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.0 (включая)Версия до 5.9.0 (включая)
Одно из
cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00279
Низкий
5.5 Medium
CVSS3
6.7 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
github
больше 3 лет назад
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
EPSS
Процентиль: 51%
0.00279
Низкий
5.5 Medium
CVSS3
6.7 Medium
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-611