XML External Entity (XXE) Vulnerability in WSO2 API Manager, API Microgateway, and IS Key Manager

XML External Entity (XXE) Vulnerability in WSO2 API Manager, API Microgateway, and IS Key Manager

CVE-2020-13883 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

Learn more about our Api Penetration Testing.