XML External Entity (XXE) Vulnerability in WSO2 Enterprise Integrator 6.6.0: Unintended Network Invocations and SSRF via XML Validator

CVE-2020-11885 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file.
