Security Advisory WSO2-2019-0571

Published: November 04, 2019

Severity: Medium

CVSS Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)


AFFECTED PRODUCTS

  • WSO2 Enterprise Integrator

OVERVIEW

The try-it functionality in WSO2 Enterprise Integrator can be abused for Server Side Request Forgery (SSRF) when it is reachable without authentication. The fix provides users with an option to disable the try-it functionality.

DESCRIPTION

If the try-it service is exposed publicly without authentication, anyone who can reach it can submit requests that the server then issues on their behalf, which facilitates Server Side Request Forgery (SSRF) attacks.

IMPACT

An attacker can leverage the SSRF to make the server send requests to services that are reachable from the server itself, including services that are not directly exposed to the attacker.
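The following is an added example, not WSO2 code and not taken from this advisory. It shows, in miniature, the two controls the advisory implies: a try-it style proxy that forwards any caller-supplied URL for anyone (the vulnerable shape), next to a hardened version that refuses unauthenticated callers and only forwards to an allow-listed host whose resolved address is public. The allow-list, the host names, the request dictionaries and the DNS table are all constructed for the example; the resolver is injectable so the check runs offline.

```python
"""Illustrative SSRF guard for a try-it style request proxy (added example)."""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow-list of backends the try-it console may contact (assumption).
ALLOWED_HOSTS = {"api.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_public_address(ip_str):
    """True only for addresses outside private, loopback, link-local,
    multicast, reserved and unspecified ranges (IPv4 and IPv6)."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_target(url, resolver=socket.getaddrinfo):
    """Return (ok, reason) for a caller-supplied URL.

    resolver has the signature of socket.getaddrinfo; it is injectable so the
    check can run offline in tests, and defaults to the real system resolver.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, "host not in allow-list"
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    try:
        infos = resolver(host, port, 0, socket.SOCK_STREAM)
    except socket.gaierror:
        return False, "name resolution failed"
    addresses = {info[4][0] for info in infos}
    if not addresses:
        return False, "no addresses"
    # An allow-listed name that resolves into private space (split-horizon DNS,
    # rebinding) must still be refused.
    for address in addresses:
        if not is_public_address(address):
            return False, "resolves to non-public address %s" % address
    return True, "ok"


def try_it_vulnerable(request):
    """Unauthenticated proxy: forwards whatever URL the caller supplies."""
    return "forward", request["url"]


def try_it_hardened(request, resolver=socket.getaddrinfo):
    """Requires an authenticated caller, then validates the destination."""
    if not request.get("authenticated"):
        return "deny", "authentication required"
    ok, reason = check_target(request["url"], resolver)
    if not ok:
        return "deny", reason
    return "forward", request["url"]


def fake_resolver(table):
    """Build a getaddrinfo-compatible resolver from a constructed name table."""
    def resolve(host, port, family=0, type=0, proto=0, flags=0):
        if host not in table:
            raise socket.gaierror("constructed lookup failure for %s" % host)
        return [(socket.AF_INET, socket.SOCK_STREAM, 6, "", (ip, port))
                for ip in table[host]]
    return resolve


if __name__ == "__main__":
    # Constructed DNS table: the allow-listed API name resolves to a public
    # address, an internal name resolves to RFC 1918 space.
    resolver = fake_resolver({
        "api.example.com": ["93.184.216.34"],
        "internal.example.com": ["10.0.0.5"],
    })
    attempts = [
        {"authenticated": False, "url": "http://169.254.169.254/latest/meta-data/"},
        {"authenticated": True, "url": "http://internal.example.com/admin"},
        {"authenticated": True, "url": "https://api.example.com/health"},
    ]
    for req in attempts:
        print(req["url"], "->", try_it_vulnerable(req)[0],
              "vs", try_it_hardened(req, resolver))
```

Two caveats apply to the hardened version. Resolving the name in the check and then letting an HTTP client resolve it again when connecting leaves a DNS rebinding window; a production proxy should connect to the address it validated. And the allow-list does most of the work here: the address check only matters when an allow-listed name unexpectedly resolves into private space. Where try-it is not needed at all, disabling it, as the fixed product allows, removes the attack surface entirely.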

SOLUTION

Upgrade WSO2 Enterprise Integrator to version 6.5.0 or higher, which is not affected by this SSRF vulnerability. If you have any questions, post them to security@wso2.com.

Info

It is highly recommended to migrate older versions of the WSO2 products to the latest released version to receive security fixes.

CREDITS

WSO2 thanks Soner Soydinc for responsibly reporting the identified issue and working with us as we addressed it.