CVE-2020-13883
Severity Score
6.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
En WSO2 API Manager versiones 3.0.0 y anteriores, WSO2 API Microgateway versión 2.2.0 y WSO2 IS como Key Manager versiones 5.9.0 y anteriores, Management Console permite un ataque de tipo XXE durante la adición o actualización de un Lifecycle
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-06-06 CVE Reserved
- 2020-06-06 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727 | 2020-06-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wso2 Search vendor "Wso2" | Api Manager Search vendor "Wso2" for product "Api Manager" | <= 3.0.0 Search vendor "Wso2" for product "Api Manager" and version " <= 3.0.0" | - |
Affected
| ||||||
| Wso2 Search vendor "Wso2" | Api Microgateway Search vendor "Wso2" for product "Api Microgateway" | 2.2.0 Search vendor "Wso2" for product "Api Microgateway" and version "2.2.0" | - |
Affected
| ||||||
| Wso2 Search vendor "Wso2" | Identity Server As Key Manager Search vendor "Wso2" for product "Identity Server As Key Manager" | <= 5.9.0 Search vendor "Wso2" for product "Identity Server As Key Manager" and version " <= 5.9.0" | - |
Affected
| ||||||