4.3
CVE-2024-3511
- EPSS 0.04%
- Published 23.06.2025 08:47:55
- Last modified 06.10.2025 13:35:40
- Source ed10eef1-636d-4fbe-9993-6890df
- Teams watchlist Login
- Open Login
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Data is provided by the National Vulnerability Database (NVD)
Wso2 ≫ Api Manager Version3.2.0
Wso2 ≫ Api Manager Version3.2.1
Wso2 ≫ Api Manager Version4.0.0
Wso2 ≫ Api Manager Version4.1.0 Update-
Wso2 ≫ Api Manager Version4.2.0 Update-
Wso2 ≫ Api Manager Version4.3.0 Update-
Wso2 ≫ Enterprise Integrator Version6.6.0
Wso2 ≫ Identity Server Version5.10.0
Wso2 ≫ Identity Server Version5.11.0
Wso2 ≫ Identity Server Version6.0.0
Wso2 ≫ Identity Server Version6.1.0
Wso2 ≫ Identity Server Version7.0.0
Wso2 ≫ Identity Server As Key Manager Version5.10.0
Wso2 ≫ Open Banking Am Version2.0.0
Wso2 ≫ Open Banking Iam Version2.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.099 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| ed10eef1-636d-4fbe-9993-6890dfa878f8 | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.