Published: 04th June 2nd September 2021
CVSS Score: 4.3 (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)
If a malicious XML payload can be submitted to the XML parser here, then the attacker could read confidential data from the file system or access HTTP resources that are reachable to the vulnerable product. The same vulnerability could be used in performing a denial of service attack.
If you are using an affected product version, it is highly recommended to migrate to the latest released version to the latest version of the affected WSO2 product is not mentioned under the affected product list, you may migrate to the latest version to receive security fixes. You Otherwise you may also apply the relevant fixes to the product based on the changes from the public fix: https://github.com/wso2/carbon-kernel/pull/2927