CVE-2025-9312
- EPSS 0.03%
- Published 18.11.2025 12:05:22
- Last modified 08.12.2025 14:01:26
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain d...
CVE-2025-6670
- EPSS 0.02%
- Published 18.11.2025 11:28:37
- Last modified 08.12.2025 14:00:21
A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within admin services, specifically in the event processor of the Carbon console. Although the Same...
CVE-2025-10853
- EPSS 0.03%
- Published 05.11.2025 19:21:32
- Last modified 13.11.2025 15:31:45
A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor can inject arbitrary JavaScript into the respons...
CVE-2025-5770
- EPSS 0.04%
- Published 05.11.2025 19:16:01
- Last modified 13.11.2025 15:32:16
A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary JavaScript payloads into the authentication endpoint, which...
CVE-2025-10907
- EPSS 0.44%
- Published 05.11.2025 18:15:33
- Last modified 04.12.2025 21:07:22
An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to...
CVE-2025-10713
- EPSS 0.1%
- Published 05.11.2025 17:18:24
- Last modified 04.12.2025 21:07:04
An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. ...
CVE-2025-3125
- EPSS 0.26%
- Published 05.11.2025 14:49:44
- Last modified 04.12.2025 21:06:46
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with appropriate privileges can upload a malicious file to a user-cont...
CVE-2025-5605
- EPSS 7.38%
- Published 24.10.2025 10:15:39
- Last modified 21.11.2025 14:20:43
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication and access certain restricted resources, resulting...
CVE-2025-5350
- EPSS 0.02%
- Published 24.10.2025 10:15:38
- Last modified 21.11.2025 14:33:52
SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users. This feature accepted user-supplied URLs without proper validation, leading to server-side...
CVE-2025-9804
- EPSS 0.06%
- Published 16.10.2025 12:33:45
- Last modified 21.11.2025 21:40:09
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized ope...