Wso2

Enterprise Integrator

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-29548

Exploit
  • EPSS 79.28%
  • Veröffentlicht 21.04.2022 02:15:06
  • Zuletzt bearbeitet 21.11.2024 06:59:18

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Serve...

10

CVE-2022-29464

Warnung Exploit
  • EPSS 94.43%
  • Veröffentlicht 18.04.2022 22:15:09
  • Zuletzt bearbeitet 03.04.2025 18:54:31

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../....

6.1

CVE-2020-17453

Exploit
  • EPSS 64.44%
  • Veröffentlicht 05.04.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:08

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

5.4

CVE-2020-25516

Exploit
  • EPSS 0.34%
  • Veröffentlicht 29.10.2020 13:15:11
  • Zuletzt bearbeitet 21.11.2024 05:18:05

WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks.

6.1

CVE-2020-24704

  • EPSS 0.19%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key M...

8.8

CVE-2020-24703

  • EPSS 0.4%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API...

6.5

CVE-2020-24591

  • EPSS 0.4%
  • Veröffentlicht 21.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identit...

7.2

CVE-2020-12719

  • EPSS 0.4%
  • Veröffentlicht 08.05.2020 00:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:08

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, ...

7.2

CVE-2020-11885

  • EPSS 0.39%
  • Veröffentlicht 17.04.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:58:49

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.

4.8

CVE-2019-20443

Exploit
  • EPSS 0.52%
  • Veröffentlicht 28.01.2020 00:15:10
  • Zuletzt bearbeitet 21.11.2024 04:38:29

An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the reg...