CVE-2024-2374: CWE-611: Improper Restriction of XML External Entity Reference ('XXE') in WSO2 WSO2 API Manager
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
AI Analysis
Technical Summary
WSO2 API Manager versions 3.1.0 to 4.3.0 contain an XXE vulnerability (CWE-611) due to improper configuration of XML parsers that accept user-supplied XML without disabling external entity resolution. This allows attackers to craft malicious XML payloads that can read confidential files on the server and access limited HTTP resources. The vulnerability also enables denial of service attacks by exhausting server resources through recursive entity expansion or large external resource fetching. The CVSS 3.1 score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high impact on confidentiality with no required privileges or user interaction. No vendor advisory or patch is currently available, and the product is not a cloud service, so remediation must be managed by the user.
Potential Impact
Successful exploitation can lead to disclosure of sensitive files on the server hosting WSO2 API Manager and access to certain internal HTTP resources. It also allows denial of service conditions by resource exhaustion. The vulnerability does not impact integrity or availability directly but compromises confidentiality significantly. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround is currently provided, users should monitor WSO2 advisories for updates. Until a fix is available, consider restricting XML input sources, disabling external entity processing in XML parsers if configurable, or applying network-level controls to limit access to sensitive files and internal HTTP resources.
CVE-2024-2374: CWE-611: Improper Restriction of XML External Entity Reference ('XXE') in WSO2 WSO2 API Manager
Description
The XML parsers within multiple WSO2 products accept user-supplied XML data without properly configuring to prevent the resolution of external entities. This omission allows malicious actors to craft XML payloads that exploit the parser's behavior, leading to the inclusion of external resources. By leveraging this vulnerability, an attacker can read confidential files from the file system and access limited HTTP resources reachable by the product. Additionally, the vulnerability can be exploited to perform denial of service attacks by exhausting server resources through recursive entity expansion or fetching large external resources.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
WSO2 API Manager versions 3.1.0 to 4.3.0 contain an XXE vulnerability (CWE-611) due to improper configuration of XML parsers that accept user-supplied XML without disabling external entity resolution. This allows attackers to craft malicious XML payloads that can read confidential files on the server and access limited HTTP resources. The vulnerability also enables denial of service attacks by exhausting server resources through recursive entity expansion or large external resource fetching. The CVSS 3.1 score is 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), reflecting high impact on confidentiality with no required privileges or user interaction. No vendor advisory or patch is currently available, and the product is not a cloud service, so remediation must be managed by the user.
Potential Impact
Successful exploitation can lead to disclosure of sensitive files on the server hosting WSO2 API Manager and access to certain internal HTTP resources. It also allows denial of service conditions by resource exhaustion. The vulnerability does not impact integrity or availability directly but compromises confidentiality significantly. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or workaround is currently provided, users should monitor WSO2 advisories for updates. Until a fix is available, consider restricting XML input sources, disabling external entity processing in XML parsers if configurable, or applying network-level controls to limit access to sensitive files and internal HTTP resources.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- WSO2
- Date Reserved
- 2024-03-11T13:41:10.687Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e09e7782d89c981f68cc36
Added to database: 4/16/2026, 8:31:51 AM
Last enriched: 4/16/2026, 8:46:51 AM
Last updated: 4/18/2026, 8:29:43 AM
Views: 27
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.