CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11885

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 56.7%

CVSS Severity

CVSS v3 Score 4.0

CVSS v2 Score 6.5

References

Products affected by CVE-2020-11885

Wso2 » Enterprise Integrator » Version: 6.1.0

cpe:2.3:a:wso2:enterprise_integrator:6.1.0
Wso2 » Enterprise Integrator » Version: 6.1.1

cpe:2.3:a:wso2:enterprise_integrator:6.1.1
Wso2 » Enterprise Integrator » Version: 6.2.0

cpe:2.3:a:wso2:enterprise_integrator:6.2.0
Wso2 » Enterprise Integrator » Version: 6.3.0

cpe:2.3:a:wso2:enterprise_integrator:6.3.0
Wso2 » Enterprise Integrator » Version: 6.4.0

cpe:2.3:a:wso2:enterprise_integrator:6.4.0
Wso2 » Enterprise Integrator » Version: 6.5.0

cpe:2.3:a:wso2:enterprise_integrator:6.5.0
Wso2 » Enterprise Integrator » Version: 6.6.0

cpe:2.3:a:wso2:enterprise_integrator:6.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-11885

Products

Pricing

Contact Us