Product:

Enterprise_integrator

(Wso2)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2022-04-21 CVE-2022-29548 A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2... Api_manager, Api_manager_analytics, Api_microgateway, Data_analytics_server, Enterprise_integrator, Identity_server, Identity_server_analytics, Identity_server_as_key_manager, Micro_integrator 6.1
2022-09-09 CVE-2022-39809 An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/mediation_secure_vault/properties/ajaxprocessor.jsp via the name parameter. Session hijacking or similar attacks would not be possible. Enterprise_integrator 6.1
2022-09-09 CVE-2022-39810 An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be possible. Enterprise_integrator 6.1
2023-12-15 CVE-2023-6836 Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. Api_manager, Api_manager_analytics, Api_microgateway, Enterprise_integrator, Identity_server, Identity_server_as_key_manager, Micro_integrator 7.5
2023-12-18 CVE-2023-6911 Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. Api_manager, Api_manager_analytics, Api_microgateway, Data_analytics_server, Enterprise_integrator, Identity_server, Identity_server_analytics, Identity_server_as_key_manager, Message_broker 4.8
2020-04-17 CVE-2020-11885 WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. Enterprise_integrator 7.2
2020-01-28 CVE-2019-20442 An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI. Api_manager, Enterprise_integrator, Identity_server 4.8
2020-01-28 CVE-2019-20443 An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI. Api_manager, Enterprise_integrator, Identity_server 4.8
2017-09-21 CVE-2017-14651 WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. Api_manager, App_manager, Application_server, Business_process_server, Business_rules_server, Complex_event_processor, Dashboard_server, Data_analytics_server, Data_services_server, Enterprise_integrator, Enterprise_mobility_manager, Governance_registry, Identity_server, Iot_server, Machine_learner, Message_broker, Storage_server 4.8
2019-12-05 CVE-2019-19587 In WSO2 Enterprise Integrator 6.5.0, reflected XSS occurs when updating the message processor configuration from the source view in the Management Console. Enterprise_integrator N/A