CVE-2022-29464

Warning

Exploit

EPSS 94.43%
Published 18.04.2022 22:15:09
Last modified 03.04.2025 18:54:31
Source cve@mitre.org
Teams watchlist Login
Open Login

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.

Affected products Warnungen 1 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Api Manager Version >= 2.2.0 <= 4.0.0

Wso2 ≫ Enterprise Integrator Version >= 6.2.0 <= 6.6.0

Wso2 ≫ Identity Server Version >= 5.2.0 <= 5.11.0

Wso2 ≫ Identity Server Analytics Version5.4.0

Wso2 ≫ Identity Server Analytics Version5.4.1

Wso2 ≫ Identity Server Analytics Version5.5.0

Wso2 ≫ Identity Server Analytics Version5.6.0

Wso2 ≫ Identity Server As Key Manager Version >= 5.3.0 <= 5.10.0

Wso2 ≫ Open Banking Am Version >= 1.3.0 <= 2.0.0

Wso2 ≫ Open Banking Iam Version2.0.0

Wso2 ≫ Open Banking Km Version >= 1.3.0 <= 1.5.0

25.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Vulnerability

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.43%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://www.openwall.com/lists/oss-security/2022/04/22/7

Third Party Advisory

Mailing List

https://github.com/hakivvi/CVE-2022-29464

Third Party Advisory

Exploit

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1738/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-29464

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-29464

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-29464

EUVD