CVE-2023-6836
Published 2023-12-15
Priority P342 · high · 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.48% (38.0th percentile)
Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.
Affected
31 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | <= 3.0.0 | — |
| wso2 | api_manager_analytics | — | — |
| wso2 | api_manager_analytics | — | — |
| wso2 | api_microgateway | — | — |
| wso2 | enterprise_integrator | <= 6.6.0 | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | micro_integrator | — | — |
| wso2 | wso2_api_manager | >= 3.0.0.0 < 3.0.0.1 | 3.0.0.1 |
| wso2 | wso2_api_manager_analytics | >= 2.2.0.0 < 2.2.0.1 | 2.2.0.1 |
| wso2 | wso2_api_manager_analytics | >= 2.5.0.0 < 2.5.0.1 | 2.5.0.1 |
| wso2 | wso2_api_microgateway | >= 2.2.0.0 < 2.2.0.1 | 2.2.0.1 |
| wso2 | wso2_enterprise_integrator | >= 6.0.0.0 < 6.0.0.3 | 6.0.0.3 |
| wso2 | wso2_enterprise_integrator | >= 6.1.0.0 < 6.1.0.5 | 6.1.0.5 |
| wso2 | wso2_enterprise_integrator | >= 6.1.1.0 < 6.1.1.5 | 6.1.1.5 |
| wso2 | wso2_enterprise_integrator | >= 6.6.0.0 < 6.6.0.1 | 6.6.0.1 |
| wso2 | wso2_identity_server | >= 5.4.0.0 < 5.4.0.1 | 5.4.0.1 |
| wso2 | wso2_identity_server | >= 5.4.1.0 < 5.4.1.1 | 5.4.1.1 |
| wso2 | wso2_identity_server | >= 5.5.0.0 < 5.5.0.1 | 5.5.0.1 |
GHSA
WSO2 products vulnerable to XML External Entity attack
ghsa·2023-12-15
CVE-2023-6836 [MEDIUM] CWE-611 WSO2 products vulnerable to XML External Entity attack
OSV
WSO2 products vulnerable to XML External Entity attack
osv·2023-12-15
CVE-2023-6836 [MEDIUM] WSO2 products vulnerable to XML External Entity attack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.