CVE-2020-12719

Source
https://cve.org/CVERecord?id=CVE-2020-12719
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-12719
Published
2020-05-08T00:15:12.033Z
Modified
2026-07-07T08:50:18.737783176Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "5.9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "wso2:identity_server"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "5.6.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:wso2:identity_server_analytics:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "wso2:identity_server_analytics"
        },
        {
            "extracted_events": [
                {
                    "last_affected": "5.9.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*"
            ],
            "source": "CPE_RANGE",
            "vendor_product": "wso2:identity_server_as_key_manager"
        },
        {
            "extracted_events": [
                {
                    "introduced": "2.2.0"
                },
                {
                    "last_affected": "2.2.0"
                }
            ],
            "cpes": [
                "cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING",
            "vendor_product": "wso2:api_microgateway"
        }
    ]
}
References

Affected packages

Git
github.com/wso2/analytics-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/analytics-apim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        }
    ],
    "cpe": "cpe:2.3:a:wso2:api_manager_analytics:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v1.*
v1.0.0-m1
v1.0.0-m2
v2.*
v2.1.0-alpha
v2.1.0-update2
v2.1.0-update3
v2.1.0-update4
v2.1.0-update5
v2.1.0-update6
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-rc
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-update1
v2.2.0-update2
v2.5.0
v2.5.0-Alpha
v2.5.0-rc1
v2.5.0.Beta

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json"
github.com/wso2/product-apim

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-apim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0"
        }
    ],
    "cpe": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

test-tag-1.*
test-tag-1.9.0-Alpha
v1.*
v1.9.0
v1.9.0-Alpha
v1.9.0-Beta
v1.9.0-Beta-2
v1.9.0-Beta-3
v1.9.0-M2
v2.*
v2.0.0-ALPHA
v2.0.0-M4
v2.1.0-alpha
v2.1.0-update1
v2.1.0-update10
v2.1.0-update11
v2.1.0-update12
v2.1.0-update13
v2.1.0-update14
v2.1.0-update2
v2.1.0-update3
v2.1.0-update5
v2.1.0-update7
v2.1.0-update8
v2.1.0-update9
v2.2.0
v2.2.0-update1
v2.2.0-update2
v2.2.0-update3
v2.2.0-update4
v2.2.0-update5
v2.2.0-update6
v2.2.0-update7
v2.5.0
v2.5.0-Alpha
v2.5.0-Beta
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.6.0
v2.6.0-alpha
v2.6.0-alpha2
v2.6.0-beta
v2.6.0-beta2
v2.6.0-m1
v2.6.0-m2
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v3.*
v3.0.0
v3.0.0-alpha
v3.0.0-alpha2
v3.0.0-beta
v3.0.0-m32
v3.0.0-m33
v3.0.0-m34
v3.0.0-m35
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json"
github.com/wso2/product-ei

Affected ranges

Type
GIT
Repo
https://github.com/wso2/product-ei
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.4.0"
        }
    ],
    "cpe": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v6.*
v6.0.0-m1
v6.1.1-update10
v6.1.1-update11
v6.1.1-update12
v6.1.1-update13
v6.1.1-update14
v6.1.1-update15
v6.1.1-update16
v6.1.1-update17
v6.1.1-update18
v6.1.1-update19
v6.1.1-update20
v6.1.1-update21
v6.1.1-update22
v6.1.1-update23
v6.1.1-update24
v6.1.1-update8
v6.1.1-update9
v6.2.0
v6.2.0-rc1
v6.2.0-rc2
v6.3.0
v6.3.0-m1
v6.3.0-m10
v6.3.0-m11
v6.3.0-m2
v6.3.0-m3
v6.3.0-m4
v6.3.0-m5
v6.3.0-m6
v6.3.0-m7
v6.3.0-m8
v6.3.0-m9
v6.3.0-rc1
v6.3.0-rc2
v6.4.0
v6.4.0-m1
v6.4.0-m2
v6.4.0-m3
v6.4.0-m4
v6.4.0-m5
v6.4.0-m6
v6.4.0-m7
v6.4.0-m8
v6.4.0-rc1

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json"