Security Patch Releases

Enterprise Integrator

<< All Products

Security PatchProduct VersionDescription
WSO2-CARBON-PATCH-4.4.0-16626.1.1Release Date - Dec 19, 2017

With the Apache Tomcat upgrade, following Common Vulnerability Exposure is fixed. CVE-2017-12616: Information Disclosure

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-14136.1.1Release Date - Sep 4, 2017

This vulnerability is discovered in the message dialog page of the Management Console. However, exploiting the vulnerability remotely is not possible as the malicious script should be injected to an input and given input should be displayed back to the user in a message dialog box.

Security Advisory Link
WSO2-CARBON-PATCH-4.4.0-13136.1.1Release Date - Sep 4, 2017

A reflected XSS attack could be performed in the Registry Browser of the Management Console by sending an HTTP GET request with a harmful request parameter.

Security Advisory Link