Vulnerabilities > Wso2 > Identity Server > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-05-11 CVE-2021-42646 XXE vulnerability in Wso2 products
XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0.
network
low complexity
wso2 CWE-611
critical
9.1
2022-04-18 CVE-2022-29464 Path Traversal vulnerability in Wso2 products
Certain WSO2 products allow unrestricted file upload with resultant remote code execution.
network
low complexity
wso2 CWE-22
critical
9.8