CVE-2020-24591 Information

Description

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0 API Manager Analytics 2.2.0 and 2.5.0 API Microgateway 2.2.0 Enterprise Integrator 6.2.0 and 6.3.0 and Identity Server Analytics through 5.6.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H

Reference

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5