First published: Tue May 14 2019(Updated: )
An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WSO2 API Manager | =2.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-6512 is a vulnerability discovered in WSO2 API Manager 2.6.0 that allows an attacker to force the application to perform requests to internal and adjacent workstations, leading to SSRF port-scanning, network scanning, and file enumeration.
The severity of CVE-2019-6512 is medium with a severity value of 4.1.
WSO2 API Manager 2.6.0 is affected by CVE-2019-6512.
An attacker can exploit CVE-2019-6512 by manipulating the application to perform requests to internal and adjacent workstations, enabling SSRF port-scanning, network scanning, and file enumeration.
Yes, patches for CVE-2019-6512 are available. Please refer to the WSO2 security advisory for more information.