CVE-2024-0392

EPSS 0.04%
Published 27.02.2025 07:15:32
Last modified 06.10.2025 13:55:23
Source ed10eef1-636d-4fbe-9993-6890df
Teams watchlist Login
Open Login

A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, potentially compromising account settings and data integrity. The vulnerability only affects a limited set of state-changing operations, and successful exploitation requires social engineering to trick a user with access to the management console into performing the malicious action.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Enterprise Integrator Version6.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
ed10eef1-636d-4fbe-9993-6890dfa878f8	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2023-2987/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0392

EUVD