The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24589
Reference (s):
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742