Description
Due to improper configuration of the XML parser, user-supplied XML is parsed without sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 products.
A successful XXE attack could allow a remote, unauthenticated attacker to:
- Read sensitive files from the server’s filesystem.
- Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
Vulnerable configurations
Configuration 1: Version up to 2.0.0 (inclusive)
cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
EPSS: 0.00052 (percentile: 16%, Low)
CVSS3: 9.1 Critical
Weaknesses
CWE-611
Related vulnerabilities
CVSS3: 9.1
github
9 months ago
WSO2 API Manager XML External Entity (XXE) vulnerability