CVE-2020-24591

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-24591

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24591.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-24591

Published

2020-08-21T20:15:11.093Z

Modified

2026-03-13T00:36:53.233061Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVSS Calculator

Summary

[none]

Details

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0728

Affected packages

Git / github.com/wso2-attic/analytics-is

Affected ranges

Type

GIT

Repo

https://github.com/wso2-attic/analytics-is

Events

Introduced

Last affected

bd89e4586d7e8c240c93b03b9acb3a1e93078781

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.6.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/wso2/product-apim

Events

Introduced

Last affected

727d091683c8199c37f2d19ab3198abee6553904

Introduced

Last affected

5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7

Introduced

Last affected

828807c24e02a88a91a70e6f9dbc6eeb58be3eaf

Introduced

Last affected

5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2.0"
        }
    ]
}

Affected versions

test-tag-1.*

test-tag-1.9.0-Alpha

v1.*

v1.10.0

v1.10.0-Alpha

v1.10.0-Beta

v1.10.0-rc3

v1.10.0-rc4

v1.9.0

v1.9.0-Alpha

v1.9.0-Beta

v1.9.0-Beta-2

v1.9.0-Beta-3

v1.9.0-M2

v2.*

v2.0.0

v2.0.0-ALPHA

v2.0.0-BETA

v2.0.0-M1

v2.0.0-M2

v2.0.0-M3

v2.0.0-M4

v2.0.0-M5

v2.0.0-beta2

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.0-rc5

v2.1.0-alpha

v2.1.0-update1

v2.1.0-update10

v2.1.0-update11

v2.1.0-update12

v2.1.0-update13

v2.1.0-update14

v2.1.0-update2

v2.1.0-update3

v2.1.0-update4

v2.1.0-update5

v2.1.0-update6

v2.1.0-update7

v2.1.0-update8

v2.1.0-update9

v2.2.0

v2.2.0-update1

v2.2.0-update2

v2.2.0-update3

v2.2.0-update4

v2.2.0-update5

v2.2.0-update6

v2.2.0-update7

v2.5.0

v2.5.0-Alpha

v2.5.0-Beta

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.6.0

v2.6.0-alpha

v2.6.0-alpha2

v2.6.0-beta

v2.6.0-beta2

v2.6.0-m1

v2.6.0-m2

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v3.*

v3.0.0

v3.0.0-alpha

v3.0.0-alpha2

v3.0.0-beta

v3.0.0-m32

v3.0.0-m33

v3.0.0-m34

v3.0.0-m35

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v5.*

v5.2.0-beta2

v5.2.0-latest

v5.3.0

v5.3.0-alpha2

v5.3.0-rc1

v5.3.0-rc2

v5.3.0-rc3

v5.4.0

v5.4.0-beta

v5.4.0-update1

v5.4.0-update4

v5.4.1

v5.5.0

v5.5.0-alpha

v5.5.0-alpha2

v5.5.0-alpha3

v5.5.0-beta

v5.5.0-rc1

v5.5.0-rc2

v5.6.0

v5.6.0-rc1

v5.6.0-rc2

v5.6.0-rc3

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.2.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "6.3.0"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-24591.json"