WSO2 Management Console XML Injection

Credit: Hakan Bayir
Risk: Medium
Local: No
Remote: Yes

XML External Entity (XXE) vulnerability in the WSO2 Management Console I. VULNERABILITY ------------------------- XML External Entity (XXE) II. CVE REFERENCE ------------------------- CVE-2021-42646 III. VENDOR ------------------------- IV. TIMELINE ------------------------- 14/02/2021 Vulnerability discovered 14/02/2021 Vendor contacted 01/07/2021 WSO2 replay that they fixed V. CREDIT ------------------------- Hakan Bayir at Cyberwise. VI. DESCRIPTION ------------------------- An XML External Entity vulnerability was identified in the file based service provider creation feature of the Management Console. VII. Remediation ------------------------- If the latest version of the affected WSO2 product is not mentioned under the affected product list, you may migrate to the latest version to receive security fixes. Otherwise you may apply the relevant fixes to the product based on the public fix: -- Hakan Bayır

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top