Vulnerabilities > CVE-2019-6512 - Server-Side Request Forgery (SSRF) vulnerability in Wso2 API Manager 2.6.0

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

wso2

CWE-918

NVD

Published: 2019-05-14

Updated: 2019-05-14

Summary

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.

Vulnerable Configurations

Part	Description	Count
Application	Wso2 Wso2 API Manager 2.6.0	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://wso2.com/security-patch-releases/api-manager
https://www.excellium-services.com/cert-xlm-advisory