CVE-2023-6839

Summary

Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in the HTTP response.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 API Manager0 < 3.0.0.0unknown
WSO2WSO2 API Manager3.0.0.0 < 3.0.0.15affected
WSO2WSO2 API Manager3.2.0.0 < 3.2.0.32affected

Weaknesses

  • CWE-209: CWE-209 Generation of Error Message Containing Sensitive Information

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References