Vulnerability Details CVE-2020-13226
WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://docs.wso2.com/display/Security/Security+Advisories
- https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process
- https://github.com/wso2/docs-apim/issues/816
- https://github.com/wso2/product-apim/issues/7677
- https://docs.wso2.com/display/Security/Security+Advisories
- https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process
- https://github.com/wso2/docs-apim/issues/816
- https://github.com/wso2/product-apim/issues/7677
Products affected by CVE-2020-13226
-
cpe:2.3:a:wso2:api_manager:3.0.0