Wso2 Api_manager
3 CVEs affecting Wso2 Api_manager. Latest disclosed: 2026-05-11. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-8325 | Medium | 6.3 | 2026-05-11 | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, by… |
CVE-2025-8154 | Medium | 5.3 | 2026-05-11 | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these he… |
CVE-2017-14651 | Medium | 4.8 | 2017-09-21 | WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. |