CVE-2020-13883
Description
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
Related CPE's
CvssV3 impact
BaseSeverity | MEDIUM |
ConfidentialityImpact | LOW |
AttackComplexity | LOW |
Scope | UNCHANGED |
AttackVector | NETWORK |
AvailabilityImpact | HIGH |
IntegrityImpact | HIGH |
PrivilegesRequired | HIGH |
BaseScore | 6.7 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
Version | 3.1 |
UserInteraction | NONE |
CvssV2 impact
AccessComplexity | LOW |
ConfidentialityImpact | PARTIAL |
AvailabilityImpact | PARTIAL |
IntegrityImpact | PARTIAL |
BaseScore | 6.5 |
VectorString | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Version | 2.0 |
AccessVector | NETWORK |
Authentication | SINGLE |