Vulnerability Description
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, the Management Console allows XXE during addition or update of a Lifecycle.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| WSO2 | API Manager | <= 3.0.0 |
| WSO2 | API Microgateway | 2.2.0 |
| WSO2 | Identity Server as Key Manager | <= 5.9.0 |
Related Weaknesses (CWE)
References
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727 (Vendor Advisory)
FAQ
What is CVE-2020-13883?
CVE-2020-13883 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, the Management Console allows XXE during addition or update of a Lifecycle.
How severe is CVE-2020-13883?
CVE-2020-13883 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-13883?
Check the references section above for vendor advisories and patch information. Affected products include: WSO2 API Manager, WSO2 API Microgateway, WSO2 Identity Server as Key Manager.