CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8010

The component accepts XML input through the publisher without disabling external entity resolution. This allows malicious actors to submit a crafted XML payload that exploits the unescaped external entity references. By leveraging this vulnerability, a malicious actor can read confidential files from the product's file system or access limited HTTP resources reachable via HTTP GET requests to the vulnerable product.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 2.0%

CVSS Severity

CVSS v3 Score 3.5

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3581/

Products affected by CVE-2024-8010

Wso2 » Api Manager » Version: 3.2.0

cpe:2.3:a:wso2:api_manager:3.2.0
Wso2 » Api Manager » Version: 3.2.1

cpe:2.3:a:wso2:api_manager:3.2.1
Wso2 » Api Manager » Version: 4.0.0

cpe:2.3:a:wso2:api_manager:4.0.0
Wso2 » Api Manager » Version: 4.1.0

cpe:2.3:a:wso2:api_manager:4.1.0
Wso2 » Api Manager » Version: 4.2.0

cpe:2.3:a:wso2:api_manager:4.2.0
Wso2 » Api Manager » Version: 4.3.0

cpe:2.3:a:wso2:api_manager:4.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-8010

Products

Pricing

Contact Us