本ページは wso2 micro_integrator に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-11093 | An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can execute arbitrary code within the integration runtime environment. By default, access to these scripting engines is limited to administrators in WSO2 Micro Integrator and WSO2 Enterprise Integrator, while in WSO2 API Manager, access extends to both administrators and API creators. This m | ed10eef1-636d-4fbe-9993-6890dfa878f8 | 8.4 | 0.09% | 2025-11-05 | 2026-01-09 |
| CVE-2024-4598 | An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from other mediation contexts because the internal state is not properly isolated or cleared between executions. This vulnerability does not impact user credentials or access tokens but may lead to leakage of sensitive business information handled during message flows. | ed10eef1-636d-4fbe-9993-6890dfa878f8 | 6.5 | 0.05% | 2025-09-23 | 2026-01-09 |
| CVE-2023-6836 | Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | ed10eef1-636d-4fbe-9993-6890dfa878f8 | 4.6 | 0.17% | 2023-12-15 | 2024-11-21 |
| CVE-2022-29548 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro | [email protected] | 4.6 | 76.36% | 2022-04-21 | 2024-11-21 |
| CVE-2020-17453 | WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. | [email protected] | 6.1 | 57.85% | 2021-04-05 | 2024-11-21 |