What the vulnerability does
01Description
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVSS base score
CVSS vector
CVSS:3.0/AC:L/AV:N/A:H/C:L/I:N/PR:H/S:U/UI:N
What the vulnerability does
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
Key dates
External resources