CVE-2020-13883

medium

Description

In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.

References

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0727

Details

Source: Mitre, NVD

Published: 2020-06-06

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

Severity: Medium

EPSS

EPSS: 0.00279