Wso2

Api Manager

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-17453

Exploit
  • EPSS 64.44%
  • Veröffentlicht 05.04.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:08

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

6.1

CVE-2020-27885

Exploit
  • EPSS 1.06%
  • Veröffentlicht 29.10.2020 21:15:15
  • Zuletzt bearbeitet 21.11.2024 05:21:58

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in...

6.1

CVE-2020-17454

  • EPSS 0.42%
  • Veröffentlicht 21.10.2020 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:08:09

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload i...

6.1

CVE-2020-24706

  • EPSS 0.6%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:53

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics t...

8.8

CVE-2020-24705

  • EPSS 0.4%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3....

6.1

CVE-2020-24704

  • EPSS 0.19%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key M...

8.8

CVE-2020-24703

  • EPSS 0.4%
  • Veröffentlicht 27.08.2020 16:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API...

6.5

CVE-2020-24591

  • EPSS 0.4%
  • Veröffentlicht 21.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identit...

9.1

CVE-2020-24590

  • EPSS 0.56%
  • Veröffentlicht 21.08.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

9.1

CVE-2020-24589

  • EPSS 89.12%
  • Veröffentlicht 21.08.2020 20:15:10
  • Zuletzt bearbeitet 21.11.2024 05:15:06

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.