CVE-2020-24591

Source
https://cve.org/CVERecord?id=CVE-2020-24591
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24591.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-24591
Published
2020-08-21T20:15:11.093Z
Modified
2026-07-08T05:55:55.482072419Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "CPE_RANGE",
            "cpes": [
                "cpe:2.3:a:wso2:identity_server_analytics:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:identity_server_analytics",
            "extracted_events": [
                {
                    "last_affected": "5.6.0"
                }
            ]
        },
        {
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*"
            ],
            "vendor_product": "wso2:api_microgateway",
            "extracted_events": [
                {
                    "introduced": "2.2.0"
                },
                {
                    "last_affected": "2.2.0"
                }
            ]
        }
    ]
}
References

Affected packages

Git
github.com/wso2/analytics-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/analytics-apim
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "2.2.0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "2.5.0"
        },
        {
            "last_affected": "2.5.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

2.*
2.2.0
2.5.0
v2.*
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.5.0
v2.5.0-Alpha
v2.5.0-rc1
v2.5.0.Beta

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24591.json"
github.com/wso2/product-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-apim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0"
        }
    ],
    "cpe": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*"
}

Affected versions

test-tag-1.*
test-tag-1.9.0-Alpha
v1.*
v1.9.0
v1.9.0-Alpha
v1.9.0-Beta
v1.9.0-Beta-2
v1.9.0-Beta-3
v1.9.0-M2
v2.*
v2.0.0-ALPHA
v2.0.0-M4
v2.1.0-alpha
v2.1.0-update1
v2.1.0-update10
v2.1.0-update11
v2.1.0-update12
v2.1.0-update13
v2.1.0-update14
v2.1.0-update2
v2.1.0-update3
v2.1.0-update5
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.2.0-update3
v2.2.0-update4
v2.2.0-update5
v2.2.0-update6
v2.2.0-update7
v2.5.0
v2.5.0-Alpha
v2.5.0-Beta
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-alpha
v2.6.0-alpha2
v2.6.0-beta
v2.6.0-beta2
v2.6.0-m1
v2.6.0-m2
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v3.*
v3.0.0
v3.0.0-alpha
v3.0.0-alpha2
v3.0.0-beta
v3.0.0-m32
v3.0.0-m33
v3.0.0-m34
v3.0.0-m35
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24591.json"
github.com/wso2/product-ei

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-ei
Events
Database specific
{
    "source": "CPE_STRING",
    "extracted_events": [
        {
            "introduced": "6.2.0"
        },
        {
            "last_affected": "6.2.0"
        },
        {
            "introduced": "6.3.0"
        },
        {
            "last_affected": "6.3.0"
        }
    ],
    "cpe": [
        "cpe:2.3:a:wso2:enterprise_integrator:6.2.0:*:*:*:*:*:*:*",
        "cpe:2.3:a:wso2:enterprise_integrator:6.3.0:*:*:*:*:*:*:*"
    ]
}

Affected versions

6.*
6.2.0
6.3.0
v6.*
v6.2.0
v6.2.0-rc2
v6.3.0
v6.3.0-m1
v6.3.0-m10
v6.3.0-m11
v6.3.0-m2
v6.3.0-m3
v6.3.0-m4
v6.3.0-m5
v6.3.0-m6
v6.3.0-m7
v6.3.0-m8
v6.3.0-m9
v6.3.0-rc1
v6.3.0-rc2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24591.json"