CVE-2024-7097
- EPSS 11.63%
- Veröffentlicht 30.05.2025 15:04:09
- Zuletzt bearbeitet 06.10.2025 13:51:05
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...
CVE-2024-7096
- EPSS 0.04%
- Veröffentlicht 30.05.2025 14:54:32
- Zuletzt bearbeitet 03.12.2025 08:15:47
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP ...
CVE-2024-6914
- EPSS 0.09%
- Veröffentlicht 22.05.2025 18:26:15
- Zuletzt bearbeitet 06.10.2025 13:56:53
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...
- EPSS 94.43%
- Veröffentlicht 18.04.2022 22:15:09
- Zuletzt bearbeitet 07.11.2025 19:01:08
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../....