9.6
CVE-2025-9804
- EPSS 0.06%
- Veröffentlicht 16.10.2025 12:33:45
- Zuletzt bearbeitet 21.11.2025 21:40:09
- Quelle ed10eef1-636d-4fbe-9993-6890df
- CVE-Watchlists
- Unerledigt
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information. This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Wso2 ≫ Api Control Plane Version4.5.0 Update-
Wso2 ≫ Api Manager Version2.0.0
Wso2 ≫ Api Manager Version2.1.0
Wso2 ≫ Api Manager Version2.2.0
Wso2 ≫ Api Manager Version2.5.0
Wso2 ≫ Api Manager Version2.6.0
Wso2 ≫ Api Manager Version3.0.0
Wso2 ≫ Api Manager Version3.1.0
Wso2 ≫ Api Manager Version3.2.0
Wso2 ≫ Api Manager Version3.2.1
Wso2 ≫ Api Manager Version4.0.0
Wso2 ≫ Api Manager Version4.1.0 Update-
Wso2 ≫ Api Manager Version4.2.0 Update-
Wso2 ≫ Api Manager Version4.3.0 Update-
Wso2 ≫ Api Manager Version4.4.0 Update-
Wso2 ≫ Api Manager Version4.5.0 Update-
Wso2 ≫ Api Manager Analytics Version2.0.0
Wso2 ≫ Api Manager Analytics Version2.1.0
Wso2 ≫ Api Manager Analytics Version2.2.0
Wso2 ≫ Api Manager Analytics Version2.5.0
Wso2 ≫ Data Analytics Server Version3.1.0
Wso2 ≫ Data Analytics Server Version3.2.0
Wso2 ≫ Enterprise Integrator Version6.2.0
Wso2 ≫ Enterprise Integrator Version6.3.0
Wso2 ≫ Enterprise Mobility Manager Version2.2.0
Wso2 ≫ Enterprise Service Bus Version5.0.0
Wso2 ≫ Identity Server Version5.2.0
Wso2 ≫ Identity Server Version5.3.0
Wso2 ≫ Identity Server Version5.4.0
Wso2 ≫ Identity Server Version5.4.1
Wso2 ≫ Identity Server Version5.5.0
Wso2 ≫ Identity Server Version5.6.0
Wso2 ≫ Identity Server Version5.7.0
Wso2 ≫ Identity Server Version5.8.0
Wso2 ≫ Identity Server Version5.9.0
Wso2 ≫ Identity Server Version5.10.0
Wso2 ≫ Identity Server Version5.11.0
Wso2 ≫ Identity Server Version6.0.0 Update-
Wso2 ≫ Identity Server Version6.1.0 Update-
Wso2 ≫ Identity Server Version7.0.0 Update-
Wso2 ≫ Identity Server Version7.1.0 Update-
Wso2 ≫ Identity Server Analytics Version5.2.0
Wso2 ≫ Identity Server Analytics Version5.3.0
Wso2 ≫ Identity Server Analytics Version5.5.0
Wso2 ≫ Identity Server Analytics Version5.6.0
Wso2 ≫ Identity Server As Key Manager Version5.3.0
Wso2 ≫ Identity Server As Key Manager Version5.5.0
Wso2 ≫ Identity Server As Key Manager Version5.6.0
Wso2 ≫ Identity Server As Key Manager Version5.7.0
Wso2 ≫ Identity Server As Key Manager Version5.9.0
Wso2 ≫ Identity Server As Key Manager Version5.10.0
Wso2 ≫ Open Banking Am Version1.4.0
Wso2 ≫ Open Banking Am Version1.5.0
Wso2 ≫ Open Banking Am Version2.0.0
Wso2 ≫ Open Banking Iam Version2.0.0
Wso2 ≫ Open Banking Km Version1.4.0
Wso2 ≫ Open Banking Km Version1.5.0
Wso2 ≫ Traffic Manager Version4.5.0
Wso2 ≫ Universal Gateway Version4.5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.182 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| ed10eef1-636d-4fbe-9993-6890dfa878f8 | 9.6 | 2.8 | 6 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.