Security Advisory WSO2-2020-0873

Published: February 08, 2021

Version: 1.0.0

Severity: Medium

CVSS Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)


  • WSO2 API Manager : 2.6.0 or earlier


A potential Open Redirect vulnerability in the API Manager Store.


Open Redirect vulnerability can be exploited by tampering with a parameter during the SSO based authentication to the API Store.


By using social engineering techniques, an attacker could persuade a user to click on a valid link (but with a malicious payload) and get the user redirected to an attacker controlled page where a phishing attack could be executed to obtain highly sensitive information or harm otherwise.


If you are using an affected product version, it is highly recommended to migrate to the latest released version to receive security fixes.

Otherwise, you may apply the relevant fixes to the product based on the public fix(s):


If you are a WSO2 customer with a support subscription, use WSO2 Update Manager(WUM) updates in order to apply the fix to the affected versions.