
Published: 04th November 2019

Severity: Medium

CVSS Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)


AFFECTED PRODUCTS

WSO2 Enterprise Integrator


OVERVIEW

Providing users an option to disable the try-it functionality.

DESCRIPTION

If the try-it service is exposed publicly without authentication, it facilitates Server Side Request Forgery (SSRF) attacks.


IMPACT

It is possible for an attacker to leverage SSRF to access services.

SOLUTION

Upgrade the product to version 6.5.0 or higher, which is not affected by this SSRF vulnerability. If you have any questions, post them to [email protected].

NOTES

It is highly recommended to migrate older versions of the WSO2 products to the latest released version to receive security fixes.


CREDITS

WSO2 thanks Soner Soydinc for responsibly reporting the identified issue and working with us as we addressed it.

