CVE-2023-6836
4.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WSO2 | WSO2 API Manager | 0 < 3.0.0.0 | unknown |
| WSO2 | WSO2 API Manager | 3.0.0.0 < 3.0.0.1 | affected |
| WSO2 | WSO2 API Manager Analytics | 0 < 2.2.0.0 | unknown |
| WSO2 | WSO2 API Manager Analytics | 2.2.0.0 < 2.2.0.1 | affected |
| WSO2 | WSO2 API Manager Analytics | 2.5.0.0 < 2.5.0.1 | affected |
| WSO2 | WSO2 API Microgateway | 0 < 2.2.0.0 | unknown |
| WSO2 | WSO2 API Microgateway | 2.2.0.0 < 2.2.0.1 | affected |
| WSO2 | WSO2 Enterprise Integrator | 0 < 6.0.0.2 | unknown |
| WSO2 | WSO2 Enterprise Integrator | 6.0.0.0 < 6.0.0.3 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.1.0.0 < 6.1.0.5 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.1.1.0 < 6.1.1.5 | affected |
| WSO2 | WSO2 Enterprise Integrator | 6.6.0.0 < 6.6.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 0 < 5.5.0.0 | unknown |
| WSO2 | WSO2 IS as Key Manager | 5.5.0.0 < 5.5.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.6.0.0 < 5.6.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.7.0.0 < 5.7.0.1 | affected |
| WSO2 | WSO2 IS as Key Manager | 5.9.0.0 < 5.9.0.1 | affected |
| WSO2 | WSO2 Identity Server | 0 < 5.4.0.0 | unknown |
| WSO2 | WSO2 Identity Server | 5.4.0.0 < 5.4.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.4.1.0 < 5.4.1.1 | affected |
| WSO2 | WSO2 Identity Server | 5.5.0.0 < 5.5.0.1 | affected |
| WSO2 | WSO2 Identity Server | 5.6.0.0 < 5.6.0.1 | affected |
| WSO2 | WSO2 Micro Integrator | 0 < 1.0.0.0 | unknown |
| WSO2 | WSO2 Micro Integrator | 1.0.0.0 < 1.0.0.1 | affected |
Weaknesses
- CWE-611: CWE-611 Improper Restriction of XML External Entity Reference
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.