/
Security Advisory WSO2-2019-0571
com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links' is unknown.
Security Advisory WSO2-2019-0571
- Former user (Deleted)
Owned by Former user (Deleted)
Nov 04, 2019
Published: 04th November 2019
Severity: Medium
CVSS Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
AFFECTED PRODUCTS
WSO2 Enterprise Integrator
OVERVIEW
Providing users an option to disable the try-it functionality.
DESCRIPTION
If try-it service is exposed publicly without authentication, it leads to facilitate Server Side Request Forgery (SSRF) attacks.
IMPACT
It is possible for an attacker to leverage SSRF to access services.
SOLUTION
Upgrade the product version to 6.5.0 or higher which are not affected by this SSRF vulnerability. If you have any questions, post them to security@wso2.com.
NOTES
It is highly recommended to migrate older versions of the WSO2 products to the latest released version to receive security fixes.
CREDITS
WSO2 thanks, Soner Soydinc for responsibly reporting the identified issue and working with us as we addressed them.
, multiple selections available,
Related content
Security Advisory WSO2-2019-0598
Security Advisory WSO2-2019-0598
More like this
Security Advisory WSO2-2019-0634
Security Advisory WSO2-2019-0634
More like this
Security Advisory WSO2-2019-0616
Security Advisory WSO2-2019-0616
More like this
Security Advisory WSO2-2019-0624
Security Advisory WSO2-2019-0624
More like this
Security Advisory WSO2-2019-0618
Security Advisory WSO2-2019-0618
More like this
Security Advisory WSO2-2020-0685
Security Advisory WSO2-2020-0685
More like this
com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'next_previous_links2' is unknown.