Wso2

Api Manager Analytics

10 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2023-6911

  • EPSS 0.35%
  • Published 18.12.2023 09:15:05
  • Last modified 21.11.2024 08:44:49

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console....

7.5

CVE-2023-6836

  • EPSS 0.17%
  • Published 15.12.2023 10:15:09
  • Last modified 21.11.2024 08:44:38

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

6.1

CVE-2022-29548

Exploit
  • EPSS 79.28%
  • Published 21.04.2022 02:15:06
  • Last modified 21.11.2024 06:59:18

A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Serve...

6.1

CVE-2020-17453

Exploit
  • EPSS 64.44%
  • Published 05.04.2021 22:15:12
  • Last modified 21.11.2024 05:08:08

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

8.8

CVE-2020-24703

  • EPSS 0.4%
  • Published 27.08.2020 16:15:11
  • Last modified 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API...

6.1

CVE-2020-24704

  • EPSS 0.19%
  • Published 27.08.2020 16:15:11
  • Last modified 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key M...

8.8

CVE-2020-24705

  • EPSS 0.4%
  • Published 27.08.2020 16:15:11
  • Last modified 21.11.2024 05:15:52

An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3....

6.1

CVE-2020-24706

  • EPSS 0.6%
  • Published 27.08.2020 16:15:11
  • Last modified 21.11.2024 05:15:53

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics t...

6.5

CVE-2020-24591

  • EPSS 0.4%
  • Published 21.08.2020 20:15:11
  • Last modified 21.11.2024 05:15:06

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identit...

7.2

CVE-2020-12719

  • EPSS 0.4%
  • Published 08.05.2020 00:15:12
  • Last modified 21.11.2024 05:00:08

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, ...