cbcvebase.
CVE-2024-2374
published 2026-04-16

Priority: P354
Severity: critical, CVSS 3.1 base score 9.1
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.38% (29.6th percentile)

The XML parsers within multiple WSO2 products accept user-supplied XML data without being configured to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial-of-service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.

Affected

26 ranges, showing 25

Vendor | Product | Version range | Fixed in
wso2 | api_manager | >= 3.1.0 < 3.1.0.278 | 3.1.0.278
wso2 | api_manager | >= 3.2.0 < 3.2.0.368 | 3.2.0.368
wso2 | api_manager | >= 4.0.0 < 4.0.0.280 | 4.0.0.280
wso2 | api_manager | >= 4.1.0 < 4.1.0.206 | 4.1.0.206
wso2 | api_manager | >= 4.2.0 < 4.2.0.144 | 4.2.0.144
wso2 | api_manager | >= 4.3.0 < 4.3.0.57 | 4.3.0.57
wso2 | identity_server | >= 5.10.0 < 5.10.0.300 | 5.10.0.300
wso2 | identity_server | >= 5.11.0 < 5.11.0.329 | 5.11.0.329
wso2 | identity_server | >= 6.0.0 < 6.0.0.179 | 6.0.0.179
wso2 | identity_server | >= 6.1.0 < 6.1.0.136 | 6.1.0.136
wso2 | identity_server_as_key_manager | >= 5.10.0 < 5.10.0.296 | 5.10.0.296
wso2 | open_banking_am | >= 2.0.0 < 2.0.0.328 | 2.0.0.328
wso2 | open_banking_iam | >= 2.0.0 < 2.0.0.348 | 2.0.0.348
wso2 | wso2_api_manager | >= 3.1.0 < 3.1.0.278 | 3.1.0.278
wso2 | wso2_api_manager | >= 3.2.0 < 3.2.0.368 | 3.2.0.368
wso2 | wso2_api_manager | >= 4.0.0 < 4.0.0.280 | 4.0.0.280
wso2 | wso2_api_manager | >= 4.1.0 < 4.1.0.206 | 4.1.0.206
wso2 | wso2_api_manager | >= 4.2.0 < 4.2.0.144 | 4.2.0.144
wso2 | wso2_api_manager | >= 4.3.0 < 4.3.0.57 | 4.3.0.57
wso2 | wso2_identity_server | >= 5.10.0 < 5.10.0.300 | 5.10.0.300
wso2 | wso2_identity_server | >= 5.11.0 < 5.11.0.329 | 5.11.0.329
wso2 | wso2_identity_server | >= 6.0.0 < 6.0.0.179 | 6.0.0.179
wso2 | wso2_identity_server | >= 6.1.0 < 6.1.0.136 | 6.1.0.136
wso2 | wso2_identity_server_as_key_manager | >= 5.10.0 < 5.10.0.296 | 5.10.0.296
wso2 | wso2_open_banking_am | >= 2.0.0 < 2.0.0.328 | 2.0.0.328