Wso2

Open Banking Km

8 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-9312

  • EPSS 0.03%
  • Veröffentlicht 18.11.2025 12:05:22
  • Zuletzt bearbeitet 08.12.2025 14:01:26

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain d...

6.5

CVE-2025-9804

  • EPSS 0.06%
  • Veröffentlicht 16.10.2025 12:33:45
  • Zuletzt bearbeitet 21.11.2025 21:40:09

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized ope...

9.8

CVE-2025-10611

  • EPSS 0.18%
  • Veröffentlicht 16.10.2025 12:09:31
  • Zuletzt bearbeitet 21.11.2025 21:38:23

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vul...

6.5

CVE-2024-7073

  • EPSS 0.07%
  • Veröffentlicht 02.06.2025 16:38:33
  • Zuletzt bearbeitet 06.10.2025 13:46:48

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal an...

4.3

CVE-2024-7097

  • EPSS 11.63%
  • Veröffentlicht 30.05.2025 15:04:09
  • Zuletzt bearbeitet 06.10.2025 13:51:05

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...

5.4

CVE-2024-7096

  • EPSS 0.04%
  • Veröffentlicht 30.05.2025 14:54:32
  • Zuletzt bearbeitet 03.12.2025 08:15:47

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP ...

9.8

CVE-2024-6914

  • EPSS 0.09%
  • Veröffentlicht 22.05.2025 18:26:15
  • Zuletzt bearbeitet 06.10.2025 13:56:53

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...

10

CVE-2022-29464

Warnung Exploit
  • EPSS 94.43%
  • Veröffentlicht 18.04.2022 22:15:09
  • Zuletzt bearbeitet 07.11.2025 19:01:08

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../....