CVE-2020-24589
published 2020-08-21

CVE-2020-24589: The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

Priority: P1 (84) · critical · 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
ITW exploit: VulnCheck KEV (exploited in the wild)
EPSS: 26.94% (97.8th percentile)

Affected

2 ranges

Vendor  Product           Version range  Fixed in
wso2    api_manager       <= 3.1.0       -
wso2    api_microgateway  -              -

Detection & IOCs (extracted from sources)

url: %25xxe%3b]>
  • Detect XXE exploitation attempts against the WSO2 API Manager Management Console by matching HTTP interactions triggered via out-of-band (OOB) DNS/HTTP callbacks (interactsh_protocol: http)
  • Confirm exploitation by checking the response body for the WSO2-specific error string 'Failed to install the generic artifact type', indicating the XXE payload was processed by the Management Console
  • Both matcher conditions must be satisfied simultaneously (matchers-condition: and): an OOB HTTP callback and the specific body string must both be present to confirm exploitation, reducing false positives
  • Affected versions are WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0; the XXE attack surface is the Management Console component

CVSS provenance

Source     Version  Score  Severity  Vector
nvd        v3.1     9.1    CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
nvd        v2.0     6.4    MEDIUM    AV:N/AC:L/Au:N/C:P/I:N/A:P
vulncheck  -        9.1    CRITICAL  -