{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "6.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.0.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.9.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.4.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.6.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "2.2.0" }, { "introduced": "0" }, { "last_affected": "2.5.0" }, { "introduced": "0" }, { "last_affected": "2.2.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "727d091683c8199c37f2d19ab3198abee6553904" }, { "introduced": "0" }, { "last_affected": "5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7" }, { "introduced": "0" }, { "last_affected": "828807c24e02a88a91a70e6f9dbc6eeb58be3eaf" }, { "introduced": "0" }, { "last_affected": "5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7" } ], "repo": "https://github.com/wso2/product-apim", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "1.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "135aca18ba1b870b32660d89028b53c05bc12821" } ], "repo": "https://github.com/wso2/product-micro-integrator", "type": "GIT" } ] } ], "details": "Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.", "id": "CVE-2023-6836", "modified": "2026-03-15T21:49:06.498848567Z", "published": "2023-12-15T10:15:09.407Z", "references": [ { "type": "ADVISORY", "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2020-0716/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }