CVE-2020-24590

CRITICAL

WSO2 API Manager <3.1.0, API Microgateway 2.2.0 - SSRF

Title source: llm

Description

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

Scores

CVSS v3 9.1
EPSS 0.0056
EPSS Percentile 68.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Details

CWE CWE-776
Status published
Products (2)
wso2/api_manager < 3.1.0
wso2/api_microgateway 2.2.0
Published Aug 21, 2020
Tracked Since Feb 18, 2026