8.7
CVE-2020-12719
- EPSS 0.4%
- Published 08.05.2020 00:15:12
- Last modified 21.11.2024 05:00:08
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.
Data is provided by the National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version <= 3.0.0
Wso2 ≫ Api Manager Analytics Version <= 2.5.0
Wso2 ≫ Api Microgateway Version2.2.0
Wso2 ≫ Enterprise Integrator Version <= 6.4.0
Wso2 ≫ Identity Server Version <= 5.9.0
Wso2 ≫ Identity Server Analytics Version <= 5.6.0
Wso2 ≫ Identity Server As Key Manager Version <= 5.9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.4% | 0.579 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cve@mitre.org | 8.7 | 2.3 | 5.8 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.