CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-24590
https://notcve.org/view.php?id=CVE-2020-24590
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. La Consola de Administración en WSO2 API Manager versiones hasta 3.1.0 y API Microgateway versión 2.2.0, permite un ataque de tipo XML Entity Expansion. • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-14444
https://notcve.org/view.php?id=CVE-2020-14444
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. Se detectó un problema en WSO2 Identity Server versiones hasta 5.9.0 y WSO2 IS como Key Manager versiones hasta 5.9.0. Se identificó una potencial vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en la interfaz de usuario Management Console Policy Administration • https://cybersecurityworks.com/zerodays/cve-2020-14444-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2020-14445
https://notcve.org/view.php?id=CVE-2020-14445
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. Se detectó un problema en WSO2 Identity Server versiones hasta 5.9.0 y WSO2 IS como Key Manager versiones hasta 5.9.0. Se ha identificado una potencial vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado en la interfaz de usuario Management Console Basic Policy Editor • https://cybersecurityworks.com/zerodays/cve-2020-14445-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0711 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2020-14446
https://notcve.org/view.php?id=CVE-2020-14446
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. Se detectó un problema en WSO2 Identity Server versiones hasta 5.10.0 y WSO2 IS como Key Manager versiones hasta 5.10.0. Se presenta un redireccionamiento abierto • https://cybersecurityworks.com/zerodays/cve-2020-14446-wso2.html https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0713 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.7EPSS: 0%CPEs: 3EXPL: 0CVE-2020-13883
https://notcve.org/view.php?id=CVE-2020-13883
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. En WSO2 API Manager versiones 3.0.0 y anteriores, WSO2 API Microgateway versión 2.2.0 y WSO2 IS como Key Manager versiones 5.9.0 y anteriores, Management Console permite un ataque de tipo XXE durante la adición o actualización de un Lifecycle • https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727 • CWE-611: Improper Restriction of XML External Entity Reference •