The host is installed with WSO2 API Manager 3.1.0 or prior and is prone to an XML entity expansion attack vulnerability. A flaw is present in the application, which fails to properly handle an unknown functionality of the component Management Console. Successful exploitation could allow attackers to cause in a denial-of-service condition.