What is CVE-2020-24591?

CVE-2020-24591 is a vulnerability in certain WSO2 products that allows XXE attacks during EventReceiver updates.

Which WSO2 products are affected by CVE-2020-24591?

CVE-2020-24591 affects API Manager through version 3.0.0, API Manager Analytics versions 2.2.0 and 2.5.0, API Microgateway version 2.2.0, Enterprise Integrator versions 6.2.0 and 6.3.0, and Identity Server Analytics through version 5.6.0.

What is the severity of CVE-2020-24591?

The severity of CVE-2020-24591 is medium with a score of 6.5.

How can XXE attacks be performed during EventReceiver updates in WSO2 products?

XXE attacks can be performed during EventReceiver updates in WSO2 products through the Management Console.

How can I fix the CVE-2020-24591 vulnerability in WSO2 products?

To fix the CVE-2020-24591 vulnerability, it is recommended to upgrade the affected WSO2 products to the latest patched versions.

Vulnerability/
CVE-2020-24591

medium

6.5

CWE

611

21/8/2020

4/8/2024

CVE-2020-24591: XEE

First published: Fri Aug 21 2020(Updated: )

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WSO2 API Manager	<=3.0.0
Wso2 Api Manager Analytics	=2.2.0
Wso2 Api Manager Analytics	=2.5.0
WSO2 API Microgateway	=2.2.0
WSO2 Enterprise Integrator	=6.2.0
WSO2 Enterprise Integrator	=6.3.0
WSO2 Identity Server Analytics	<=5.6.0

Never miss a vulnerability like this again

Reference Links

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728

Frequently Asked Questions

What is CVE-2020-24591?
CVE-2020-24591 is a vulnerability in certain WSO2 products that allows XXE attacks during EventReceiver updates.
Which WSO2 products are affected by CVE-2020-24591?
CVE-2020-24591 affects API Manager through version 3.0.0, API Manager Analytics versions 2.2.0 and 2.5.0, API Microgateway version 2.2.0, Enterprise Integrator versions 6.2.0 and 6.3.0, and Identity Server Analytics through version 5.6.0.
What is the severity of CVE-2020-24591?
The severity of CVE-2020-24591 is medium with a score of 6.5.
How can XXE attacks be performed during EventReceiver updates in WSO2 products?
XXE attacks can be performed during EventReceiver updates in WSO2 products through the Management Console.
How can I fix the CVE-2020-24591 vulnerability in WSO2 products?
To fix the CVE-2020-24591 vulnerability, it is recommended to upgrade the affected WSO2 products to the latest patched versions.

collector/nvd-index
agent/weakness
agent/references
agent/description
agent/type
agent/event
agent/severity
agent/author
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/wso2
canonical/wso2 api manager
version/wso2 api manager/3.0.0
canonical/wso2 api manager analytics
version/wso2 api manager analytics/2.2.0
version/wso2 api manager analytics/2.5.0
canonical/wso2 api microgateway
version/wso2 api microgateway/2.2.0
canonical/wso2 enterprise integrator
version/wso2 enterprise integrator/6.2.0
version/wso2 enterprise integrator/6.3.0
canonical/wso2 identity server analytics
version/wso2 identity server analytics/5.6.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.