CVE-2024-7096
- EPSS 0.02%
- Published 30.05.2025 14:54:32
- Last modified 06.10.2025 13:58:40
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: ...
CVE-2024-6914
- EPSS 0.06%
- Published 22.05.2025 18:26:15
- Last modified 06.10.2025 13:56:53
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...
- EPSS 94.43%
- Published 18.04.2022 22:15:09
- Last modified 03.04.2025 18:54:31
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../....