CVE-2023-6836

Summary

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 API Manager0 < 3.0.0.0unknown
WSO2WSO2 API Manager3.0.0.0 < 3.0.0.1affected
WSO2WSO2 API Manager Analytics0 < 2.2.0.0unknown
WSO2WSO2 API Manager Analytics2.2.0.0 < 2.2.0.1affected
WSO2WSO2 API Manager Analytics2.5.0.0 < 2.5.0.1affected
WSO2WSO2 API Microgateway0 < 2.2.0.0unknown
WSO2WSO2 API Microgateway2.2.0.0 < 2.2.0.1affected
WSO2WSO2 Enterprise Integrator0 < 6.0.0.2unknown
WSO2WSO2 Enterprise Integrator6.0.0.0 < 6.0.0.3affected
WSO2WSO2 Enterprise Integrator6.1.0.0 < 6.1.0.5affected
WSO2WSO2 Enterprise Integrator6.1.1.0 < 6.1.1.5affected
WSO2WSO2 Enterprise Integrator6.6.0.0 < 6.6.0.1affected
WSO2WSO2 IS as Key Manager0 < 5.5.0.0unknown
WSO2WSO2 IS as Key Manager5.5.0.0 < 5.5.0.1affected
WSO2WSO2 IS as Key Manager5.6.0.0 < 5.6.0.1affected
WSO2WSO2 IS as Key Manager5.7.0.0 < 5.7.0.1affected
WSO2WSO2 IS as Key Manager5.9.0.0 < 5.9.0.1affected
WSO2WSO2 Identity Server0 < 5.4.0.0unknown
WSO2WSO2 Identity Server5.4.0.0 < 5.4.0.1affected
WSO2WSO2 Identity Server5.4.1.0 < 5.4.1.1affected
WSO2WSO2 Identity Server5.5.0.0 < 5.5.0.1affected
WSO2WSO2 Identity Server5.6.0.0 < 5.6.0.1affected
WSO2WSO2 Micro Integrator0 < 1.0.0.0unknown
WSO2WSO2 Micro Integrator1.0.0.0 < 1.0.0.1affected

Weaknesses

  • CWE-611: CWE-611 Improper Restriction of XML External Entity Reference

ADP Enrichment

CVE Program Container

Additional References

References