Vulnerability Description
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wso2 | Api Manager | <= 3.0.0 |
| Wso2 | Api Manager Analytics | 2.2.0 |
| Wso2 | Api Microgateway | 2.2.0 |
| Wso2 | Enterprise Integrator | <= 6.6.0 |
| Wso2 | Identity Server As Key Manager | 5.0.0 |
| Wso2 | Identity Server | 5.4.0 |
| Wso2 | Micro Integrator | 1.0.0 |
Related Weaknesses (CWE)
References
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory
FAQ
What is CVE-2023-6836?
CVE-2023-6836 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
How severe is CVE-2023-6836?
CVE-2023-6836 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-6836?
Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Api Manager Analytics, Wso2 Api Microgateway, Wso2 Enterprise Integrator, Wso2 Identity Server As Key Manager.