Wso2

Api Manager

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-24706

  • EPSS 0.6%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:53

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics t...

8.8

CVE-2020-24705

  • EPSS 0.4%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3....

6.1

CVE-2020-24704

  • EPSS 0.19%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key M...

8.8

CVE-2020-24703

  • EPSS 0.4%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API...

6.5

CVE-2020-24591

  • EPSS 0.4%
  • Veröffentlicht 21.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identit...

9.1

CVE-2020-24590

  • EPSS 0.56%
  • Veröffentlicht 21.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

9.1

CVE-2020-24589

  • EPSS 89.12%
  • Veröffentlicht 21.08.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

6.7

CVE-2020-13883

  • EPSS 0.28%
  • Veröffentlicht 06.06.2020 19:15:09
  • Zuletzt bearbeitet 21.11.2024 05:02:04

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

9.8

CVE-2020-13226

  • EPSS 0.7%
  • Veröffentlicht 20.05.2020 12:15:11
  • Zuletzt bearbeitet 21.11.2024 05:00:50

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.

7.2

CVE-2020-12719

  • EPSS 0.4%
  • Veröffentlicht 08.05.2020 00:15:12
  • Zuletzt bearbeitet 21.11.2024 05:00:08

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, ...