Security Patch Releases

Enterprise Integrator


Security Patch | Product Version | Description
WSO2-CARBON-PATCH-4.4.0-4860 | 6.5.0 | Release Date - Oct 4, 2019

The implementation of javax.xml.transform.TransformerFactory in the Jaggery components of WSO2 API Manager has been identified as vulnerable to XML External Entity (XXE) attacks.

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-4668 | 6.5.0 | Release Date - Oct 4, 2019

A verbose error message vulnerability has been identified in the management console.

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-1662 | 6.1.1 | Release Date - Dec 19, 2017

The Apache Tomcat upgrade fixes the following Common Vulnerabilities and Exposures (CVE) entry: CVE-2017-12616: Information Disclosure.

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-1413 | 6.1.1 | Release Date - Sep 4, 2017

This vulnerability was discovered in the message dialog page of the Management Console. However, it cannot be exploited remotely, because the malicious script must be injected into an input and that input must then be displayed back to the user in a message dialog box.

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-1313 | 6.1.1 | Release Date - Sep 4, 2017

A reflected XSS attack could be performed in the Registry Browser of the Management Console by sending an HTTP GET request with a harmful request parameter.

Security Advisory Link