CVE-2020-12719 HIGH

CVE-2020-12719

Vendor N/A
Product n/a
Published May 7, 2020
Last update August 4, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:N/PR:H/S:C/UI:N

What the vulnerability does

01Description

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Key dates

02Disclosure timeline

May 7, 2020 CVE published
August 4, 2024 Record updated