{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-42646","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2024-08-04T03:38:49.501Z","dateReserved":"2021-10-18T00:00:00.000Z","datePublished":"2022-05-11T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2024-01-11T02:21:30.411Z"},"descriptions":[{"lang":"en","value":"XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0. Allows attackers to gain read access to sensitive information or cause a denial of service via crafted GET requests."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://github.com/wso2/carbon-identity-framework/pull/3472"},{"name":"20220610 XML External Entity (XXE) vulnerability in the WSO2 Management Console","tags":["mailing-list"],"url":"http://seclists.org/fulldisclosure/2022/Jun/7"},{"url":"http://packetstormsecurity.com/files/167465/WSO2-Management-Console-XML-Injection.html"},{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1289/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:38:49.501Z"},"title":"CVE Program Container","references":[{"url":"https://github.com/wso2/carbon-identity-framework/pull/3472","tags":["x_transferred"]},{"name":"20220610 XML External Entity (XXE) vulnerability in the WSO2 Management Console","tags":["mailing-list","x_transferred"],"url":"http://seclists.org/fulldisclosure/2022/Jun/7"},{"url":"http://packetstormsecurity.com/files/167465/WSO2-Management-Console-XML-Injection.html","tags":["x_transferred"]},{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1289/","tags":["x_transferred"]}]}]}}