Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products.
A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.0"
}
]
}