Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
2025-05-05T09:15:15.923
2025-10-16T12:15:47.167
Modified
ed10eef1-636d-4fbe-9993-6890dfa878f8
CVSSv3.1: 9.1 (CRITICAL)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | wso2 | api_manager | ≤ 2.0.0 | Yes |