Wso2: >> Api Manager Security Vulnerabilities
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
CVSS Score
4.1
EPSS Score
0.002
Published
2019-05-14
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user.
CVSS Score
5.3
EPSS Score
0.007
Published
2019-05-14
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-21
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product.
CVSS Score
5.4
EPSS Score
0.003
Published
2019-03-21
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
CVSS Score
4.8
EPSS Score
0.093
Published
2017-09-21
Page 6