CVE-2024-7487

EPSS 0.09%
Published 22.05.2025 19:15:43
Last modified 06.10.2025 13:57:27
Source ed10eef1-636d-4fbe-9993-6890df
Teams watchlist Login
Open Login

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.

Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Wso2 ≫ Identity Server Version7.0.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.258

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
ed10eef1-636d-4fbe-9993-6890dfa878f8	5.8	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-7487

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-7487

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-7487

EUVD