6.1
CVE-2024-1440
- EPSS 0.2%
- Veröffentlicht 02.06.2025 16:51:16
- Zuletzt bearbeitet 06.10.2025 13:48:42
- Quelle ed10eef1-636d-4fbe-9993-6890df
- CVE-Watchlists
- Unerledigt
Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version3.1.0
Wso2 ≫ Api Manager Version3.2.0
Wso2 ≫ Api Manager Version4.0.0
Wso2 ≫ Identity Server Version5.10.0
Wso2 ≫ Identity Server Version5.11.0
Wso2 ≫ Identity Server Version6.0.0
Wso2 ≫ Identity Server Version6.1.0
Wso2 ≫ Identity Server Version7.0.0
Wso2 ≫ Identity Server As Key Manager Version5.10.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.101 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| ed10eef1-636d-4fbe-9993-6890dfa878f8 | 5.4 | 2.8 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/