An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote, unauthenticated attacker to read sensitive files from the server's filesystem or perform denial-of-service (DoS) attacks that render affected services unavailable.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.wso2.carbon.mediation:org.wso2.carbon.localentry(Maven) | 0 | N/A | N/A |
CVSS Metrics
