CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6513
https://notcve.org/view.php?id=CVE-2019-6513
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one. Se encontró un problema en WSO2 API Manager 2.6.0. Es posible que un usuario logeado cargue, como documentación API, algún tipo de archivo cambiando la extensión a una permitida. • https://www.excellium-services.com/cert-xlm-advisory https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6513 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6515
https://notcve.org/view.php?id=CVE-2019-6515
An issue was discovered in WSO2 API Manager 2.6.0. Uploaded documents for API documentation are available to an unauthenticated user. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Los documentos cargados para la documentación de la API están disponibles para un usuario no identificado. • https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6512
https://notcve.org/view.php?id=CVE-2019-6512
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper. Se descubrió un problema en WSO2 API Manager versión 2.6.0. Es posible forzar a la aplicación a ejecutar peticiones a la estación de trabajo interna (escaneo de puertos SSRF), a otras estaciones de trabajo adyacentes (escaneo de red SSRF), o a enumerar archivos producto de la existencia del wrapper file:// • https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-20736
https://notcve.org/view.php?id=CVE-2018-20736
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. A DOM-based XSS exists in the store part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) basado en DOM en la parte de tienda del producto. • https://github.com/wso2/carbon-apimgt/pull/5844/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20736 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2018-20737
https://notcve.org/view.php?id=CVE-2018-20737
An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. Se ha descubierto un problema en WSO2 API Manager 2.1.0 y 2.6.0. Existe Cross-Site Scripting (XSS) reflejado en la parte carbon de producto. • https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/978/files https://wso2.com/security-patch-releases/api-manager https://www.excellium-services.com/cert-xlm-advisory/cve-2018-20737 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •