Skip to main content

Api Microgateway

10 CVEs product

Monthly

CVE-2023-6911 Maven MEDIUM PATCH This Month

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6836 Maven HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-29548 MEDIUM POC THREAT This Month

A reflected XSS issue exists in the Management Console of several WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
41.1%
CVE-2020-24704 MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2020-24703 HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-24591 MEDIUM This Month

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2020-24590 CRITICAL Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2020-24589 CRITICAL POC PATCH THREAT Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Api Manager Api Microgateway
NVD
CVSS 3.1
9.1
EPSS
26.9%
CVE-2020-13883 MEDIUM This Month

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Microgateway Identity Server As Key Manager
NVD
CVSS 3.1
6.7
EPSS
0.8%
CVE-2020-12719 HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics +7
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics +5
NVD
EPSS 41% CVSS 6.1
MEDIUM POC THREAT This Month

A reflected XSS issue exists in the Management Console of several WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager Api Manager Analytics +7
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

An issue was discovered in certain WSO2 products. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

An issue was discovered in certain WSO2 products. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Manager Analytics +7
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics +3
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Api Manager Api Microgateway
NVD
EPSS 27% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Api Manager Api Microgateway
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Microgateway +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy