The host is installed with WSO2 API Manager version 2.6.0 and is prone to an unspecified vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors. Successful exploitation results in uploaded documents for API documentation to be available to an unauthenticated user.