CVE-2023-6836
Published: Dec 15, 2023
Modified: Aug 2, 2024
CVSS v3.1
4.6
Description
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
| Vendor | Product | Versions |
|---|---|---|
WSO2 | WSO2 API Manager | unknown 0 - < 3.0.0.0affected 3.0.0.0 - < 3.0.0.1 |
WSO2 | WSO2 API Manager Analytics | unknown 0 - < 2.2.0.0affected 2.2.0.0 - < 2.2.0.1affected 2.5.0.0 - < 2.5.0.1 |
WSO2 | WSO2 API Microgateway | unknown 0 - < 2.2.0.0affected 2.2.0.0 - < 2.2.0.1 |
WSO2 | WSO2 Enterprise Integrator | unknown 0 - < 6.0.0.2affected 6.0.0.0 - < 6.0.0.3affected 6.1.0.0 - < 6.1.0.5affected 6.1.1.0 - < 6.1.1.5affected 6.6.0.0 - < 6.6.0.1 |
WSO2 | WSO2 IS as Key Manager | unknown 0 - < 5.5.0.0affected 5.5.0.0 - < 5.5.0.1affected 5.6.0.0 - < 5.6.0.1affected 5.7.0.0 - < 5.7.0.1affected 5.9.0.0 - < 5.9.0.1 |
WSO2 | WSO2 Identity Server | unknown 0 - < 5.4.0.0affected 5.4.0.0 - < 5.4.0.1affected 5.4.1.0 - < 5.4.1.1affected 5.5.0.0 - < 5.5.0.1affected 5.6.0.0 - < 5.6.0.1 |
WSO2 | WSO2 Micro Integrator | unknown 0 - < 1.0.0.0affected 1.0.0.0 - < 1.0.0.1 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now