Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022060059

Below is a copy:

WSO2 Management Console XML Injection
XML External Entity (XXE) vulnerability in the WSO2 Management Console

I. VULNERABILITY
-------------------------
XML External Entity (XXE)

II. CVE REFERENCE
-------------------------
CVE-2021-42646

III. VENDOR
-------------------------
https://wso2.com/

IV. TIMELINE
-------------------------
14/02/2021 Vulnerability discovered
14/02/2021 Vendor contacted
01/07/2021 WSO2 replay that they fixed

V. CREDIT
-------------------------
Hakan Bayir at Cyberwise.

VI. DESCRIPTION
-------------------------
An XML External Entity vulnerability was identified in the file based
service provider creation feature of the Management Console.

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1289


VII. Remediation
-------------------------
If the latest version of the affected WSO2 product is not mentioned under
the affected product list, you may migrate to the latest version to receive
security fixes. Otherwise you may apply the relevant fixes to the product
based on the public fix:
https://github.com/wso2/carbon-identity-framework/pull/3472

-- 
Hakan Bayr

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.