Vulnerabilities > CVE-2020-13226 - Server-Side Request Forgery (SSRF) vulnerability in Wso2 API Manager 3.0.0

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

wso2

CWE-918

critical

NVD

Published: 2020-05-20

Updated: 2020-05-21

Summary

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.

Vulnerable Configurations

Part	Description	Count
Application	Wso2 Wso2 API Manager 3.0.0	1

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process
https://github.com/wso2/product-apim/issues/7677
https://github.com/wso2/docs-apim/issues/816
https://docs.wso2.com/display/Security/Security+Advisories