6.8

CVE-2024-7074

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.

By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.

Linked by AI from unstructured data to existing NVD CPEs
Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor: WSO2
Product: WSO2 Enterprise Integrator
Default status: unaffected
Version range              Status
0 <= v < 6.0.0             unknown
6.0.0 <= v < 6.0.0.21      affected
6.1.0 <= v < 6.1.0.38      affected
6.1.1 <= v < 6.1.1.42      affected
6.2.0 <= v < 6.2.0.61      affected
6.3.0 <= v < 6.3.0.69      affected
6.4.0 <= v < 6.4.0.96      affected
6.5.0 <= v < 6.5.0.102     affected
6.6.0 <= v < 6.6.0.198     affected

Vendor: WSO2
Product: WSO2 API Manager
Default status: unaffected
Version range              Status
0 <= v < 2.0.0             unknown
2.0.0 <= v < 2.0.0.28      affected
2.1.0 <= v < 2.1.0.38      affected
2.2.0 <= v < 2.2.0.57      affected
2.5.0 <= v < 2.5.0.83      affected
2.6.0 <= v < 2.6.0.143     affected
3.0.0 <= v < 3.0.0.162     affected
3.1.0 <= v < 3.1.0.293     affected
3.2.0 <= v < 3.2.0.384     affected
3.2.1 <= v < 3.2.1.16      affected
4.0.0 <= v < 4.0.0.305     affected
4.1.0 <= v < 4.1.0.166     affected
4.2.0 <= v < 4.2.0.100     affected
4.3.0 <= v < 4.3.0.16      affected

Vendor: WSO2
Product: WSO2 Enterprise Service Bus
Default status: unknown
Version range              Status
4.9.0 <= v < 4.9.0.10      affected
5.0.0 <= v < 5.0.0.28      affected

Vendor: WSO2
Product: WSO2 Enterprise Mobility Manager
Default status: unknown
Version range              Status
2.2.0 <= v < 2.2.0.27      affected

Vendor: WSO2
Product: WSO2 Micro Integrator
Default status: unaffected
Version range              Status
0 <= v < 1.0.0             unknown
1.0.0 <= v < 1.0.0.49      affected

Vendor: WSO2
Product: WSO2 Open Banking AM
Default status: unaffected
Version range              Status
0 <= v < 1.3.0             unknown
1.3.0 <= v < 1.3.0.132     affected
1.4.0 <= v < 1.4.0.135     affected
1.5.0 <= v < 1.5.0.137     affected
2.0.0 <= v < 2.0.0.342     affected

Vendor: WSO2
Product: WSO2 Carbon Synapse Artifact Uploader BE
Default status: unknown
Version range              Status
4.4.10 <= v < 4.4.10.3     affected
4.6.1 <= v < 4.6.1.4       affected
4.6.6 <= v < 4.6.6.9       affected
4.6.10 <= v < 4.6.10.4     affected
4.6.16 <= v < 4.6.16.2     affected
4.6.19 <= v < 4.6.19.10    affected
4.6.64 <= v < 4.6.64.2     affected
4.6.67 <= v < 4.6.67.15    affected
4.6.89 <= v < 4.6.89.12    affected
4.6.105 <= v < 4.6.105.59  affected
4.6.150 <= v < 4.6.150.11  affected
4.7.20 <= v < 4.7.20.5     affected
4.7.30 <= v < 4.7.30.42    affected
4.7.35 <= v < 4.7.35.5     affected
4.7.61 <= v < 4.7.61.56    affected
4.7.99 <= v < 4.7.99.299   affected
4.7.131 <= v < 4.7.131.15  affected
4.7.175 <= v < 4.7.175.18  affected
4.7.188 <= v < 4.7.188.5   affected
4.7.204 <= v < 4.7.204.5   affected
4.7.216 <= v <= *          unaffected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS metrics
Type   Source     Score   Percentile
EPSS   FIRST.org  0.1%    0.279
CVSS metrics
Source                                Base Score   Exploit Score   Impact Score   Vector String
ed10eef1-636d-4fbe-9993-6890dfa878f8  6.8          0.9             5.9            CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-434: Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.