{"api_version":"1","generated_at":"2026-05-13T07:40:45+00:00","cve":"CVE-2020-12719","urls":{"html":"https://cve.report/CVE-2020-12719","api":"https://cve.report/api/cve/CVE-2020-12719.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-12719","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-12719"},"summary":{"title":"CVE-2020-12719","description":"XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-05-08 00:15:00","updated_at":"2020-05-14 15:58:00"},"problem_types":["CWE-611"],"metrics":[],"references":[{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665","name":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security Advisory WSO2-2019-0665 - WSO2 Platform Security - WSO2 Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-12719","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12719","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"3.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"api_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"2.5.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"api_manager_analytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"api_microgateway","cpe6":"2.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"api_microgateway","cpe6":"2.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"6.4.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"enterprise_integrator","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"5.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"identity_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"5.6.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"identity_server_analytics","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"12719","vulnerable":"1","versionEndIncluding":"5.9.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"wso2","cpe5":"identity_server_as_key_manager","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2020-12719","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665","refsource":"MISC","name":"https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0665"}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AC:L/AV:N/A:H/C:H/I:N/PR:H/S:C/UI:N","version":"3.0"}}},"nvd":{"publishedDate":"2020-05-08 00:15:00","lastModifiedDate":"2020-05-14 15:58:00","problem_types":["CWE-611"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":6.5},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:identity_server_analytics:*:*:*:*:*:*:*:*","versionEndIncluding":"5.6.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*","versionEndIncluding":"5.9.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"5.9.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*","versionEndIncluding":"6.4.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:api_microgateway:2.2.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:api_manager_analytics:*:*:*:*:*:*:*:*","versionEndIncluding":"2.5.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"12719","Ordinal":"173889","Title":"CVE-2020-12719","CVE":"CVE-2020-12719","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"12719","Ordinal":"1","NoteData":"XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"12719","Ordinal":"2","NoteData":"2020-05-07","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"12719","Ordinal":"3","NoteData":"2020-05-07","Type":"Other","Title":"Modified"}]}}}