← Back

Api Manager Analytics

api_manager_analytics

Vendor: Wso2 • 11 CVEs

CVEs (11)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-9804
1Wso2
15Api Control Plane
Api ManagerApi Manager Analytics+12 more
Nov 21, 2025
Oct 16, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this fl...Show more
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information. This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.Show less
CVE-2023-6911
1Wso2
9Api Manager
Api Manager AnalyticsApi Microgateway+6 more
Nov 21, 2024
Dec 18, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feat...Show more
Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console. Show less
CVE-2023-6836
1Wso2
7Api Manager
Api Manager AnalyticsApi Microgateway+4 more
Nov 21, 2024
Dec 15, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.
CVE-2022-29548
1Wso2
9Api Manager
Api Manager AnalyticsApi Microgateway+6 more
Nov 21, 2024
Apr 21, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgatew...Show more
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.Show less
CVE-2020-17453
1Wso2
8Api Manager
Api Manager AnalyticsApi Microgateway+5 more
Nov 21, 2024
Apr 5, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter.
CVE-2020-24706
1Wso2
6Api Manager
Api Manager AnalyticsIdentity Server+3 more
Nov 21, 2024
Aug 27, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10....Show more
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.Show less
CVE-2020-24705
1Wso2
6Api Manager
Api Manager AnalyticsIdentity Server+3 more
Nov 21, 2024
Aug 27, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This...Show more
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.Show less
CVE-2020-24704
1Wso2
9Api Manager
Api Manager AnalyticsApi Microgateway+6 more
Nov 21, 2024
Aug 27, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integra...Show more
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.Show less
CVE-2020-24703
1Wso2
9Api Manager
Api Manager AnalyticsApi Microgateway+6 more
Nov 21, 2024
Aug 27, 2020
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This...Show more
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.Show less
CVE-2020-24591
1Wso2
5Api Manager
Api Manager AnalyticsApi Microgateway+2 more
Nov 21, 2024
Aug 21, 2020
N/A· v4
6.5 MEDIUM· v3
5.5 MEDIUM· v2
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrato...Show more
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.Show less
CVE-2020-12719
1Wso2
7Api Manager
Api Manager AnalyticsApi Microgateway+4 more
Nov 21, 2024
May 8, 2020
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as K...Show more
XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.Show less