{"id":"CVE-2020-12719","details":"XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.","modified":"2026-04-11T12:24:25.779562Z","published":"2020-05-08T00:15:12.033Z","database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"6.4.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"5.9.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"5.9.0"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2-attic/analytics-is","events":[{"introduced":"0"},{"last_affected":"bd89e4586d7e8c240c93b03b9acb3a1e93078781"}],"database_specific":{"cpe":"cpe:2.3:a:wso2:identity_server_analytics:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"5.6.0"}],"source":"CPE_FIELD"}}],"versions":["v5.2.0-beta2","v5.2.0-latest","v5.3.0-alpha2","v5.4.0-beta","v5.4.0-update1","v5.4.0-update4","v5.4.1","v5.5.0","v5.5.0-alpha","v5.5.0-alpha2","v5.5.0-alpha3","v5.5.0-beta","v5.5.0-rc1","v5.5.0-rc2","v5.6.0","v5.6.0-rc1","v5.6.0-rc2","v5.6.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/product-apim","events":[{"introduced":"0"},{"last_affected":"727d091683c8199c37f2d19ab3198abee6553904"},{"last_affected":"828807c24e02a88a91a70e6f9dbc6eeb58be3eaf"},{"last_affected":"5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7"}],"database_specific":{"cpe":["cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_manager_analytics:*:*:*:*:*:*:*:*","cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"3.0.0"},{"last_affected":"2.5.0"},{"last_affected":"2.2.0"}],"source":"CPE_FIELD"}}],"versions":["test-tag-1.9.0-Alpha","v1.9.0","v1.9.0-Alpha","v1.9.0-Beta","v1.9.0-Beta-2","v1.9.0-Beta-3","v1.9.0-M2","v2.0.0-ALPHA","v2.0.0-M4","v2.1.0-alpha","v2.1.0-update1","v2.1.0-update10","v2.1.0-update11","v2.1.0-update12","v2.1.0-update13","v2.1.0-update14","v2.1.0-update2","v2.1.0-update3","v2.1.0-update5","v2.1.0-update7","v2.1.0-update8","v2.1.0-update9","v2.2.0","v2.2.0-update1","v2.2.0-update2","v2.2.0-update3","v2.2.0-update4","v2.2.0-update5","v2.2.0-update6","v2.2.0-update7","v2.5.0","v2.5.0-Alpha","v2.5.0-Beta","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.0-rc4","v2.6.0","v2.6.0-alpha","v2.6.0-alpha2","v2.6.0-beta","v2.6.0-beta2","v2.6.0-m1","v2.6.0-m2","v2.6.0-rc1","v2.6.0-rc2","v2.6.0-rc3","v3.0.0","v3.0.0-alpha","v3.0.0-alpha2","v3.0.0-beta","v3.0.0-m32","v3.0.0-m33","v3.0.0-m34","v3.0.0-m35","v3.0.0-rc1","v3.0.0-rc2","v3.0.0-rc3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-12719.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}