CVE-2019-6512

low-risk

Published 2019-05-14

An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.

Do I need to act?

0.34% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Api Manager

Affected Vendors

Wso2

References (5)

https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6512

Vendor Advisory https://wso2.com/security-patch-releases/api-manager

Third Party Advisory https://www.excellium-services.com/cert-xlm-advisory

Vendor Advisory https://wso2.com/security-patch-releases/api-manager

Third Party Advisory https://www.excellium-services.com/cert-xlm-advisory

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal