5.8

CVE-2024-7487

Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.

Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.
Data provided by the National Vulnerability Database (NVD)
Wso2 Identity Server, Version 7.0.0, Update -
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.27% | 0.188
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
ed10eef1-636d-4fbe-9993-6890dfa878f8 | 5.8 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/
Vendor Advisory