NotCVE - vendor:"Wso2" product:"Enterprise Integrator" version:" <= 6.4.0"

Page 2 of 14 results (0.001 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-24591

https://notcve.org/view.php?id=CVE-2020-24591

21 Aug 2020 — The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. La Consola de Administración en determinados productos WSO2, permite ataques de tipo XXE durante las actualizaciones de EventReceiver. Esto afecta a la API Manager versiones hasta 3.0.0, la API Manager Analytics versiones 2.2.0 ... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0

CVE-2020-12719

https://notcve.org/view.php?id=CVE-2020-12719

07 May 2020 — XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. Una vulnerabilidad de tipo XXE durante una actualización de EventPublisher puede presentarse en Management Console en WSO2 API Manager versiones 3.0.0 y anteriores, API Manager A... • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-11885

https://notcve.org/view.php?id=CVE-2020-11885

17 Apr 2020 — WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. WSO2 Enterprise Integrator versiones hasta 6.6.0, tiene una vulnerabilidad de tipo XXE en la que un usuario (con acceso a la consola de administración) puede usar el validador XML para hacer invocaciones de red no intencionadas tales como SSRF por medio de un archivo cargado. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0684 • CWE-611: Improper Restriction of XML External Entity Reference CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.8EPSS: 9%CPEs: 17EXPL: 2

CVE-2017-14651

https://notcve.org/view.php?id=CVE-2017-14651

21 Sep 2017 — WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. WSO2 Data Analytics Server 3.1.0 tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en carbon/resources/add_collection_ajaxprocessor.jsp mediante los parámetros collectionName o parentPath. • https://cybersecurityworks.com/zerodays/cve-2017-14651-wso2.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1 2