WSO2 Management Console suffers from an XML external entity injection vulnerability.
3095603d2cabf6d7b0762bcd9407fb68679e7b5ca8286b67ddacafd70db1d62eXML External Entity (XXE) vulnerability in the WSO2 Management Console
I. VULNERABILITY
-------------------------
XML External Entity (XXE)
II. CVE REFERENCE
-------------------------
CVE-2021-42646
III. VENDOR
-------------------------
https://wso2.com/
IV. TIMELINE
-------------------------
14/02/2021 Vulnerability discovered
14/02/2021 Vendor contacted
01/07/2021 WSO2 replay that they fixed
V. CREDIT
-------------------------
Hakan Bayir at Cyberwise.
VI. DESCRIPTION
-------------------------
An XML External Entity vulnerability was identified in the file based
service provider creation feature of the Management Console.
https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1289
VII. Remediation
-------------------------
If the latest version of the affected WSO2 product is not mentioned under
the affected product list, you may migrate to the latest version to receive
security fixes. Otherwise you may apply the relevant fixes to the product
based on the public fix:
https://github.com/wso2/carbon-identity-framework/pull/3472
--
Hakan Bayır
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed