CVE-2024-7073
- EPSS 0.08%
- Published 02.06.2025 16:38:33
- Last modified 06.10.2025 13:46:48
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal an...
CVE-2024-7097
- EPSS 8.71%
- Published 30.05.2025 15:04:09
- Last modified 06.10.2025 13:51:05
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...
CVE-2024-7096
- EPSS 0.02%
- Published 30.05.2025 14:54:32
- Last modified 06.10.2025 13:58:40
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: ...
CVE-2024-6914
- EPSS 0.06%
- Published 22.05.2025 18:26:15
- Last modified 06.10.2025 13:56:53
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...
- EPSS 94.43%
- Published 18.04.2022 22:15:09
- Last modified 03.04.2025 18:54:31
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../....