CVE-2025-9804
- EPSS 0.06%
- Published 16.10.2025 12:33:45
- Last modified 21.11.2025 21:40:09
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized ope...
CVE-2024-7074
- EPSS 0.11%
- Published 02.06.2025 16:42:19
- Last modified 02.06.2025 17:32:17
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on th...
CVE-2024-7097
- EPSS 11.63%
- Published 30.05.2025 15:04:09
- Last modified 06.10.2025 13:51:05
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...
CVE-2024-7096
- EPSS 0.04%
- Published 30.05.2025 14:54:32
- Last modified 03.12.2025 08:15:47
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP ...
CVE-2017-14651
- EPSS 7.64%
- Published 21.09.2017 18:29:00
- Last modified 20.04.2025 01:37:25
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.