VYPR
Moderate severityNVD Advisory· Published Dec 15, 2023· Updated Aug 2, 2024

CVE-2023-6836

CVE-2023-6836

Description

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.wso2.carbon.commons:org.wso2.carbon.ntask.coreMaven
< 4.7.244.7.24
org.wso2.am:wso2amMaven
< 4.0.0-beta4.0.0-beta
org.wso2.carbon.registry:org.wso2.carbon.registry.extensionsMaven
< 4.7.314.7.31
org.wso2.carbon.event-processing:org.wso2.carbon.event.processor.coreMaven
< 2.2.122.2.12
org.wso2.carbon.analytics-common:org.wso2.carbon.event.input.adapter.coreMaven
< 5.2.235.2.23
org.wso2.carbon.governance:org.wso2.carbon.governance.commonMaven
< 4.8.134.8.13

Affected products

13

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.