CVE-2024-7074
- EPSS 0.1%
- Published 02.06.2025 16:42:19
- Last modified 02.06.2025 17:32:17
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on th...
CVE-2024-7097
- EPSS 8.71%
- Published 30.05.2025 15:04:09
- Last modified 06.10.2025 13:51:05
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...
CVE-2024-7096
- EPSS 0.02%
- Published 30.05.2025 14:54:32
- Last modified 06.10.2025 13:58:40
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: ...
CVE-2017-14651
- EPSS 9.25%
- Published 21.09.2017 18:29:00
- Last modified 20.04.2025 01:37:25
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.