Wso2

Open Banking Am

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-10611

  • EPSS 0.28%
  • Veröffentlicht 16.10.2025 12:09:31
  • Zuletzt bearbeitet 21.11.2025 21:38:23

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vul...

7.2

CVE-2025-5717

  • EPSS 0.33%
  • Veröffentlicht 23.09.2025 16:15:33
  • Zuletzt bearbeitet 21.11.2025 21:34:06

An authenticated remote code execution (RCE) vulnerability exists in multiple WSO2 products due to improper input validation in the event processor admin service. A user with administrative access to the SOAP admin services can exploit this flaw by d...

4.3

CVE-2024-3511

  • EPSS 0.04%
  • Veröffentlicht 23.06.2025 08:47:55
  • Zuletzt bearbeitet 06.10.2025 13:35:40

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploi...

6.1

CVE-2024-1440

  • EPSS 0.14%
  • Veröffentlicht 02.06.2025 16:51:16
  • Zuletzt bearbeitet 06.10.2025 13:48:42

An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects ...

5.2

CVE-2024-8008

  • EPSS 0.1%
  • Veröffentlicht 02.06.2025 16:48:12
  • Zuletzt bearbeitet 06.10.2025 13:51:36

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially craft...

4.3

CVE-2024-3509

  • EPSS 0.1%
  • Veröffentlicht 02.06.2025 16:44:28
  • Zuletzt bearbeitet 06.10.2025 13:48:27

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor mu...

6.8

CVE-2024-7074

  • EPSS 1.5%
  • Veröffentlicht 02.06.2025 16:42:19
  • Zuletzt bearbeitet 15.04.2026 00:35:42

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on th...

4.3

CVE-2024-7097

  • EPSS 25.17%
  • Veröffentlicht 30.05.2025 15:04:09
  • Zuletzt bearbeitet 06.10.2025 13:51:05

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...

5.4

CVE-2024-7096

  • EPSS 0.2%
  • Veröffentlicht 30.05.2025 14:54:32
  • Zuletzt bearbeitet 03.12.2025 08:15:47

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP ...

9.8

CVE-2024-6914

  • EPSS 0.55%
  • Veröffentlicht 22.05.2025 18:26:15
  • Zuletzt bearbeitet 06.10.2025 13:56:53

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...