{ "id": "CVE-2023-6836", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "published": "2023-12-15T10:15:09.407", "lastModified": "2023-12-19T13:52:56.807", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information." }, { "lang": "es", "value": "Se han identificado varios productos WSO2 como vulnerables debido a que un ataque de entidad externa XML (XXE) abusa de una caracter\u00edstica ampliamente disponible pero rara vez utilizada de los analizadores XML para acceder a informaci\u00f3n confidencial." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 }, { "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.1, "impactScore": 2.5 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-611" } ] }, { "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-611" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.0.0", "matchCriteriaId": "80465515-637E-46D9-9F36-063B8549A539" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "ADEAF56C-4583-40A6-826F-01AC86191AD7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:api_manager_analytics:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "04A2A50A-872E-4CC7-BBB7-3E0956176AAC" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "79CDDE83-4CB6-4DA3-8E96-FCDA4F5C1E93" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*", "versionEndIncluding": "6.6.0", "matchCriteriaId": "16E39585-2B28-4631-A62F-27F17DC9AB4A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C016AEE9-7BF7-4BD8-913A-1BA02B2464CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2E5761F7-C287-4EC4-A899-C54FB4E80A35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "3B184BFC-8E1A-4971-B6D2-C594742AB8CE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "EA51AC1B-0BF6-44F6-B034-CAD4F623DD76" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B9E7D773-A7CE-4AB8-828B-C2E7DC2799AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "CEA63B98-D4B4-4FCD-A869-FE64BC21A1B6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DA0050E-D5DD-45E5-9F61-DC1BB060EFF0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "26542F95-73F3-4906-838E-A66F5DC9DFA5" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:wso2:micro_integrator:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A690D484-8402-4D45-833D-373D1713FA49" } ] } ] } ], "references": [ { "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "tags": [ "Vendor Advisory" ] } ] }