Abstract Advisory Information
WSO2 API Manager is an open source approach that addresses full API lifecycle management, monetization, and policy enforcement.
Uploaded documents for API’s documentation on publisher part are available for unauthenticated user.
Authors: Julien Oury–Nogues
Version affected
Name: WSO2 API Manager
Versions: 2.6.0
Common Vulnerability Scoring System
4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Patches
Unknown
References
None
Vulnerability Disclosure Timeline
- 19/10/2018 – Vulnerability discovered
- 22/10/2018 – Contact WSO2 security team
- 29/10/2018 – Acknowledgement From WSO2 security team
- 21/02/2019 – Public disclosure