CVE-2020-24589

Critical

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

mitre·CWE-611·Published 2020-08-21

CVSS

9.1

EPSS

0.27

KEV

Exploits

cve.orgen

135 chars

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

NVDen

135 chars

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

La Consola de Administración en WSO2 API Manager versiones hasta 3.1.0 y API Microgateway versión 2.2.0, permite ataques de tipo XML External Entity injection (XXE).

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.4	10.0	4.9	AV:N/AC:L/Au:N/C:P/I:N/A:P
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:N/PR:N/S:U/UI:N
3.1	Primary	cve.org	9.1	—	—	CVSS:3.1/AC:L/AV:N/A:H/C:H/I:N/PR:N/S:U/UI:N
3.1	Primary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
3.1	Secondary	NVD	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H