XML External Entity Vulnerability in WSO2 Enterprise Integrator
CVE-2020-11885

4MEDIUM

Key Information:

Vendor: Wso2
Status: Enterprise Integrator
Vendor: CVE Published:; 17 April 2020

What is CVE-2020-11885?

WSO2 Enterprise Integrator versions up to 6.6.0 are susceptible to an XML External Entity (XXE) vulnerability. If an attacker, with administrative console access, uploads a specially crafted file, they can exploit the XML validation mechanism. This can lead to unintended network invocations, including Server-Side Request Forgery (SSRF) attacks, allowing malicious actions on other servers to which the integrator is connected.

References

https://docs.wso2.com/display/Security/Security+Advisory+...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2020
Vulnerability Reserved
Apr 17, 2020

Wso2

What is CVE-2020-11885?

References

CVSS V3.1

Timeline