CVE-2020-13883

MEDIUM

WSO2 API Manager <3.0.0, API Microgateway, IS as Key Manager <5.9.0 - XXE in Management Console

Description

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

Scores

CVSS v3 6.7
EPSS 0.0080
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Details

CWE
CWE-611
Status published
Products (3)
wso2/api_manager < 3.0.0
wso2/api_microgateway 2.2.0
wso2/identity_server_as_key_manager < 5.9.0
Published Jun 06, 2020
Tracked Since Feb 18, 2026