Vulnerabilities > CVE-2020-12719 - XXE vulnerability in Wso2 products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

wso2

CWE-611

NVD

Published: 2020-05-08

Updated: 2020-05-14

Summary

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Vulnerable Configurations

Part	Description	Count
Application	Wso2 Wso2 API Manager 1.0.0 Wso2 API Manager 1.1.1 Wso2 API Manager 1.2.0 Wso2 API Manager 1.3.0 Wso2 API Manager 1.3.1 Wso2 API Manager 1.4.0 Wso2 API Manager 1.5.0 Wso2 API Manager 1.6.0 Wso2 API Manager 1.7.0 Wso2 API Manager 1.8.0 Wso2 API Manager 1.9.0 Wso2 API Manager 1.9.1 Wso2 API Manager 1.10.0 Wso2 API Manager 2.0.0 Wso2 API Manager 2.1.0 Wso2 API Manager 2.2.0 Wso2 API Manager 2.5.0 Wso2 API Manager 2.6.0 Wso2 API Manager 3.0.0 Wso2 API Manager Analytics 2.5.0 Wso2 API Microgateway 2.2.0 Wso2 Enterprise Integrator 6.4.0 Wso2 Identity Server 1.5.0 Wso2 Identity Server 2.0.0 Wso2 Identity Server 2.0.1 Wso2 Identity Server 2.0.2 Wso2 Identity Server 2.0.3 Wso2 Identity Server 3.0.0 Wso2 Identity Server 3.0.1 Wso2 Identity Server 3.2.0 Wso2 Identity Server 3.2.2 Wso2 Identity Server 3.2.3 Wso2 Identity Server 4.0.0 Wso2 Identity Server 4.1.0 Wso2 Identity Server 4.5.0 Wso2 Identity Server 4.6.0 Wso2 Identity Server 5.0.0 Wso2 Identity Server 5.1.0 Wso2 Identity Server 5.2.0 Wso2 Identity Server 5.3.0 Wso2 Identity Server 5.4.0 Wso2 Identity Server 5.4.1 Wso2 Identity Server 5.5.0 Wso2 Identity Server 5.6.0 Wso2 Identity Server 5.7.0 Wso2 Identity Server 5.8.0 Wso2 Identity Server 5.9.0 Wso2 Identity Server Analytics 5.6.0 Wso2 Identity Server AS KEY Manager 5.0.0 Wso2 Identity Server AS KEY Manager 5.1.0 Wso2 Identity Server AS KEY Manager 5.2.0 Wso2 Identity Server AS KEY Manager 5.3.0 Wso2 Identity Server AS KEY Manager 5.4.0 Wso2 Identity Server AS KEY Manager 5.4.1 Wso2 Identity Server AS KEY Manager 5.5.0 Wso2 Identity Server AS KEY Manager 5.6.0 Wso2 Identity Server AS KEY Manager 5.7.0 Wso2 Identity Server AS KEY Manager 5.8.0 Wso2 Identity Server AS KEY Manager 5.9.0	59

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665