Vulnerabilities
Vulnerable Software
Wso2:  >> Api Manager  >> 1.3.1  Security Vulnerabilities
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVSS Score
5.5
EPSS Score
0.003
Published
2020-06-06
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
CVSS Score
8.7
EPSS Score
0.004
Published
2020-05-08
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
CVSS Score
3.5
EPSS Score
0.003
Published
2019-08-16


Contact Us

Shodan ® - All rights reserved