WSO2 API Manager 漏洞列表

WSO2 API Manager是一套由美国WSO2公司开发的API生命周期管理解决方案。WSO2 API Manager 3.1.0及更早版本存在盲XML外部实体注入（XXE）漏洞。攻击者可以通过构造恶意XML输入，在Management Console中触发XXE攻击，查看服务器文件系统中的文件，并与应用程序可访问的任何后端或外部系统交互，从而将敏感数据从受影响的服务器传输到攻击者控制的系统。

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.

WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.

WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。WSO2 API Manager中存在漏洞。以下产品及版本受到影响：WSO2API Manager从3.1.0 开始版本和 API Microgateway 2.2.0版本，攻击者可读取任意文件和探测内网信息等。

WSO2 API Manager是WSO2公司的一套API生命周期管理解决方案。最近发现CNNVD爆出了WSO2 APIManager存在安全漏洞,由于对文件上传接口缺少严格检查，导致存在任意文件上传漏洞，可直接GetShell