Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A successful XXE attack could allow a remote, unauthenticated attacker to: * Read sensitive files from the server’s filesystem. * Perform denial-of-service (DoS) attacks, which can render the affected service unavailable.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.wso2.am:am-distribution-parent(Maven) | 0 | 2.1.0 | N/A |
CVSS Metrics
