N/A

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

N/A

N/A

多款WSO2产品代码问题漏洞

WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Identity Server（IS）是一款身份认证服务器。WSO2 Enterprise Integrator是一套开源的混合集成平台。 多款WSO2产品中存在安全漏洞。攻击者可利用该漏洞获取本地文件，造成拒绝服务，伪造服务器端请求，扫描端口或造成其他危害。以下产品及版本受到影响：WSO2 API Manager 3.0.0及之前版本；WSO2 API Manager

N/A

N/A