Vulnerabilities for Api manager analytics (...) - CXSECURITY.COM

Vulnerabilities for 'Api manager analytics'

2021-04-05

CVE-2020-17453

CWE-79

WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.

2020-08-27

CVE-2020-24706

CWE-79

An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.

2020-08-21

CVE-2020-24591

CWE-776

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

2020-05-08

CVE-2020-12719

CWE-611

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

>>> Vendor: WSO2 25 Products

Enablement server for java

Identity server

Data analytics server

Enterprise integrator

Business rules server

Business process server

Dashboard server

Enterprise mobility manager

Application server

Data services server

Complex event processor

Governance registry

Machine learner

Identity server as key manager

Api manager analytics

Api microgateway

Identity server analytics

Api microgatewa

Micro integrator

Copyright 2024, cxsecurity.com