CVE-2020-24589
Published 2020-08-21

CVE-2020-24589: The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

Priority: P184 · critical · 9.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Tags: ITW · Exploit · VulnCheck KEV
Exploited in the wild
EPSS: 26.94% (97.8th percentile)
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | <= 3.1.0 | — |
| wso2 | api_microgateway | — | — |
Detection & IOCs (extracted from sources)
- Detect XXE exploitation attempts against the WSO2 API Manager Management Console by matching HTTP interactions triggered via out-of-band (OOB) DNS/HTTP callbacks (interactsh_protocol: http).
- Confirm exploitation by checking the response body for the WSO2-specific error string 'Failed to install the generic artifact type', indicating the XXE payload was processed by the Management Console.
- Both matcher conditions must be satisfied simultaneously (matchers-condition: and): an OOB HTTP callback AND the specific body string must both be present to confirm exploitation, reducing false positives.
- Affected versions are WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0; the XXE attack surface is the Management Console component.
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |
| nvd | v2.0 | 6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| vulncheck | — | 9.1 | CRITICAL | — |
GHSA

GHSA-6c4q-j8wj-wf2x · ghsa_unreviewed · 2022-05-24 · severity MEDIUM · CWE-776
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
VulnCheck

WSO2 api_manager Improper Restriction of XML External Entity Reference · vulncheck · 2020 · CVSS 9.1 · CRITICAL
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

Affected: WSO2 api_manager
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2020-24589
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-24&host_type=src&vulnerability=cve-2020-24589
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-27&host_type=src&vulnerabilit
No detection rules found.
Nuclei

WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection · nuclei · CVSS 9.1 · CRITICAL
WSO2 API Manager %25xxe%3b]>
Matcher section of the template:

```yaml
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"
      - type: word
        part: body
        words:
          - "Failed to install the generic artifact type"
# digest: 490a0046304402206fc9e0c5997e5e1f2f4a659d128ddd3741a62a513a2fefd24a71971b46fe92f2022051b39de9422404da56ef1cd892c3b059f6743c91faa12f92bad4826c9af34885:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
Timeline: 2020-08-21 published · exploited in the wild