6.7
CVE-2020-13883
- EPSS 0.28%
- Veröffentlicht 06.06.2020 19:15:09
- Zuletzt bearbeitet 21.11.2024 05:02:04
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version <= 3.0.0
Wso2 ≫ Api Microgateway Version2.2.0
Wso2 ≫ Identity Server As Key Manager Version <= 5.9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.483 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.7 | 1.2 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cve@mitre.org | 5.5 | 1.2 | 4.2 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H
|
CWE-611 Improper Restriction of XML External Entity Reference
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.