Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Published: 1st July 2020

Version: 12.0.0

Severity: Medium

CVSS Score: 5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

...

AFFECTED PRODUCTS

WSO2 API Manager : 3.12.0 or earlier
WSO2 IS as Key Manager : 5.10.0 or earlier
WSO2 Identity Server : 5.10.0 or earlier

...

You may also apply the relevant fixes based on the changes from the public fix: https://github.com/wso2/carbon-identity-framework/pull/2918, https://github.com/wso2-extensions/identity-governance/pull/380,https https://github.com/wso2-extensions/identity-event-handler-account-lock/pull/65Note: , https://github.com/wso2-extensions/identity-local-auth-basicauth/pull/72


NOTES

If you are a WSO2 customer with Support Subscription, please use WSO2 Update Manager (WUM) updates in order to apply the fix.

Change Log:

2020-09-24: API Manager 3.2.0 added to the affected product list.