RSS   Vulnerabilities for 'Api manager analytics'   RSS

2021-04-05
 
CVE-2020-17453

CWE-79
 

 
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

 
2020-08-27
 
CVE-2020-24706

CWE-79
 

 
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

 
2020-08-21
 
CVE-2020-24591

CWE-776
 

 
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

 
2020-05-08
 
CVE-2020-12719

CWE-611
 

 
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

 

 >>> Vendor: WSO2 25 Products
Carbon
Enablement server for java
Identity server
Storage server
Data analytics server
Iot server
Enterprise integrator
Business rules server
Api manager
Business process server
Dashboard server
Message broker
Enterprise mobility manager
Application server
Data services server
Complex event processor
Governance registry
App manager
Machine learner
Identity server as key manager
Api manager analytics
Api microgateway
Identity server analytics
Api microgatewa
Micro integrator


Copyright 2021, cxsecurity.com

 

Back to Top