Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Identity_server_as_key_manager
(Wso2)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 19 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-04-21 | CVE-2022-29548 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2... | Api_manager, Api_manager_analytics, Api_microgateway, Data_analytics_server, Enterprise_integrator, Identity_server, Identity_server_analytics, Identity_server_as_key_manager, Micro_integrator | 6.1 | ||
2022-04-18 | CVE-2022-29464 | Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0... | Api_manager, Enterprise_integrator, Identity_server, Identity_server_analytics, Identity_server_as_key_manager | 9.8 | ||
2020-06-18 | CVE-2020-14444 | An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface. | Identity_server, Identity_server_as_key_manager | 5.4 | ||
2020-06-18 | CVE-2020-14445 | An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface. | Identity_server, Identity_server_as_key_manager | 5.4 | ||
2020-06-18 | CVE-2020-14446 | An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists. | Identity_server, Identity_server_as_key_manager | 6.1 | ||
2021-12-07 | CVE-2021-36760 | In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) | Api_manager, Identity_server, Identity_server_as_key_manager, Iot_server | 6.1 | ||
2020-06-06 | CVE-2020-13883 | In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle. | Api_manager, Api_microgateway, Identity_server_as_key_manager | N/A | ||
2020-05-08 | CVE-2020-12719 | XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. | Api_manager, Api_manager_analytics, Api_microgateway, Enterprise_integrator, Identity_server, Identity_server_analytics, Identity_server_as_key_manager | N/A | ||
2019-03-21 | CVE-2018-20737 | An issue was discovered in WSO2 API Manager 2.1.0 and 2.6.0. Reflected XSS exists in the carbon part of the product. | Api_manager, Identity_server, Identity_server_as_key_manager | 5.4 |