
CVE-2020-13226: WSO2 API Manager vulnerable to SSRF

CVSS Score (v3.1): 9.8

Basic Information

EPSS Score: 0.71166%
Published: 5/24/2022
Updated: 8/21/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: org.wso2.am:am-parent
Ecosystem: maven
Vulnerable Versions: <= 3.0.0
First Patched Version: (not listed)

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from the Publisher node's ability to make arbitrary outbound HTTP requests through the endpoint validation feature. The validate()-endpoint API (referenced in product-apim#7677) issues HEAD requests to whatever URL is supplied in the user-controlled 'endpointUrl' parameter, with no network-layer restriction on the destination, so the Publisher node can be pointed at any host reachable from its own intranet. This is the SSRF pattern described in CWE-918 and matches the advisory's description of improper outbound access control in the Publisher component.
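The following is an added example, not code from WSO2 API Manager or from this page, written in Python rather than the product's Java to show the check that the root cause above says is missing: before an endpoint validator sends its HEAD request, the destination is resolved and every answer is tested against the non-public address space, the request is pinned to the vetted address, and any redirect target is vetted again before it is followed. The function names (vet_endpoint_url, validate_endpoint), the http_head transport hook and the DNS table are all hypothetical; the DNS answers and the redirect are constructed sample data, not observations about any real host.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 3


def system_resolver(host):
    """Every A/AAAA answer for host from the OS resolver (default; tests inject a fake)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_forbidden_address(ip):
    """Only globally routable unicast may be contacted. 'not is_global' is wider than
    'is_private': it also rejects 100.64/10 (CGNAT), 169.254/16 and fe80::/10
    (link-local), IPv4-mapped IPv6, and the unspecified/broadcast addresses."""
    return (not ip.is_global) or ip.is_multicast


def vet_endpoint_url(url, resolver=system_resolver):
    """Return (allowed, reason, pinned_ip) for a user-supplied endpoint URL.

    The decision is made on the *resolved* addresses, so 'localhost', decimal or
    octal IP spellings and CNAMEs are judged by what they actually resolve to."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}", None
    if parts.username is not None or parts.password is not None:
        return False, "credentials in URL are not allowed", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "invalid port", None
    try:
        addrs = [ipaddress.ip_address(host)]  # literal IPv4 / bracketed IPv6 host
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolver(host)]
        except (socket.gaierror, ValueError) as exc:
            return False, f"cannot resolve {host!r}: {exc}", None
    if not addrs:
        return False, f"host {host!r} resolved to no addresses", None
    for ip in addrs:  # one bad answer in a multi-answer reply is enough to refuse
        if is_forbidden_address(ip):
            return False, f"host {host!r} resolves to non-public address {ip}", None
    return True, "ok", str(addrs[0])


def validate_endpoint(url, http_head, resolver=system_resolver):
    """Hardened shape of a HEAD-based endpoint validator. Returns (reachable, detail).

    http_head(ip, port, host, path_query, scheme) -> (status, headers) is the caller's
    transport; it must connect to the vetted ip instead of re-resolving host (which
    would reopen a DNS-rebinding window) and send host in the Host header / SNI.
    Every redirect Location is vetted again before it is followed."""
    current = url
    for _ in range(MAX_REDIRECTS + 1):
        allowed, reason, ip = vet_endpoint_url(current, resolver)
        if not allowed:
            return False, reason
        parts = urlsplit(current)
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
        path = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
        status, headers = http_head(ip, port, parts.hostname, path, parts.scheme.lower())
        location = headers.get("Location") if status in (301, 302, 303, 307, 308) else None
        if location is None:
            return 200 <= status < 400, f"HTTP {status} from {current}"
        current = urljoin(current, location)
    return False, "too many redirects"


# Constructed DNS table for offline demonstration; not real records.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal answer
    "v6.example.com": ["::ffff:10.0.0.5"],  # IPv4-mapped IPv6 hiding an RFC 1918 host
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return FAKE_DNS[host]


def fake_head(ip, port, host, path, scheme):
    """Constructed transport: one public path bounces to an intranet address."""
    if host == "api.example.com" and path == "/redirect":
        return 302, {"Location": "http://10.0.0.5/admin"}
    return 200, {}


if __name__ == "__main__":
    for u in ("http://api.example.com/v1", "http://localhost:9443/services/",
              "http://169.254.169.254/latest/meta-data/", "http://[::1]/",
              "http://rebind.example.com/", "http://v6.example.com/",
              "http://user@api.example.com/", "file:///etc/passwd"):
        print(u, "->", vet_endpoint_url(u, fake_resolver))
    print(validate_endpoint("http://api.example.com/redirect", fake_head, fake_resolver))
```

The two pieces of the check that a naive "deny 127.0.0.1 and 10/8" filter usually misses are both exercised here: the decision is taken on every resolved address rather than on the URL string, and the redirect target is treated as a brand-new, untrusted URL. The remaining gap, a host that answers with a public address at check time and a private one when the client connects, is closed only if the transport actually connects to the pinned address returned by vet_endpoint_url instead of resolving the hostname a second time.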


WAF Protection Rules

WAF Rule

WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet.
