CVE-2020-24590
First published: Fri Aug 21 2020(Updated: )
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WSO2 API Manager | <=3.1.0 | |
| WSO2 API Microgateway | =2.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-24590?
CVE-2020-24590 is a vulnerability in the Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 that allows XML Entity Expansion attacks.
What software is affected by CVE-2020-24590?
The affected software includes WSO2 API Manager versions up to and including 3.1.0 and WSO2 API Microgateway version 2.2.0.
What is the severity of CVE-2020-24590?
CVE-2020-24590 has a severity rating of 9.1 (critical).
How can XML Entity Expansion attacks be prevented in WSO2 API Manager and API Microgateway?
To prevent XML Entity Expansion attacks, it is recommended to apply the security patch provided by WSO2. Please refer to the WSO2 security advisory WSO2-2020-0742 for more information.
What is the CWE ID associated with CVE-2020-24590?
CVE-2020-24590 is associated with CWE ID 776.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/wso2
- canonical/wso2 api manager
- version/wso2 api manager/3.1.0
- canonical/wso2 api microgateway
- version/wso2 api microgateway/2.2.0