XML External Entity (XXE) Vulnerability in WSO2 Enterprise Integrator 6.6.0: Unintended Network Invocations and SSRF via XML Validator
CVE-2020-11885 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.
Learn more about our Network Penetration Testing.