CVE-2020-24589 Scanner

WSO2 API Manager is an open-source platform for managing APIs and is widely used by businesses to ensure secure and efficient integration of applications. API Microgateway, on the other hand, is a lightweight and highly scalable solution that enables businesses to take control of their APIs. Both these tools are widely used for managing APIs across different environments, such as cloud-based and on-premises.

However, WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 has been found to have a vulnerability code named CVE-2020-24589. This vulnerability is related to XML External Entity injection (XXE) attacks. XXE is a type of attack that enables hackers to inject malicious code into an XML document, allowing them to gain unauthorized access to sensitive data.

If this vulnerability is exploited, it can lead to various types of attacks, such as denial-of-service (DoS) attacks, server-side request forgery (SSRF), and access to sensitive information. The hackers can use this vulnerability to gain access to confidential information, such as login credentials, intellectual property, and other sensitive data.

Thanks to pro features like security assessments and security reports available on securityforeveryone.com, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides a comprehensive and reliable security assessment tool that enables users to identify and address vulnerabilities in their digital assets with ease. Users can also receive regular security reports that contain valuable insights about the performance of their security measures and identify any areas that need improvement.

REFERENCES

• https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742