CVE-2024-4598
- EPSS 0.05%
- Published 23.09.2025 11:15:39
- Last modified 06.10.2025 13:36:30
An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state ...
CVE-2024-7074
- EPSS 0.1%
- Published 02.06.2025 16:42:19
- Last modified 02.06.2025 17:32:17
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on th...
CVE-2023-6836
- EPSS 0.17%
- Published 15.12.2023 10:15:09
- Last modified 21.11.2024 08:44:38
Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.
CVE-2022-29548
- EPSS 79.28%
- Published 21.04.2022 02:15:06
- Last modified 21.11.2024 06:59:18
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Serve...
CVE-2020-17453
- EPSS 64.44%
- Published 05.04.2021 22:15:12
- Last modified 21.11.2024 05:08:08
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.