CVE-2020-24591

CVSS 6.5 MEDIUMEPSS 1.0%

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

CVSS:3.1/AC:L/AV:N/A:H/C:H/I:N/PR:H/S:U/UI:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728