Wso2

Identity Server As Key Manager

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-1862

  • EPSS 0.28%
  • Veröffentlicht 26.09.2025 09:15:31
  • Zuletzt bearbeitet 06.10.2025 13:43:41

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a...

5.3

CVE-2025-1396

  • EPSS 0.04%
  • Veröffentlicht 26.09.2025 08:15:38
  • Zuletzt bearbeitet 06.10.2025 13:44:11

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validate_userna...

3.8

CVE-2025-0672

  • EPSS 0.05%
  • Veröffentlicht 23.09.2025 18:15:30
  • Zuletzt bearbeitet 03.10.2025 16:38:03

An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO registration data. If a new user account is later cr...

6.8

CVE-2025-0663

  • EPSS 0.02%
  • Veröffentlicht 23.09.2025 17:15:32
  • Zuletzt bearbeitet 06.10.2025 13:44:26

A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to sign authentication cookies, allowing a privileged ...

4.3

CVE-2024-6429

  • EPSS 0.03%
  • Veröffentlicht 23.09.2025 17:15:30
  • Zuletzt bearbeitet 06.10.2025 13:39:38

A content spoofing vulnerability exists in multiple WSO2 products due to improper error message handling. Under certain conditions, error messages are passed through URL parameters without validation, allowing malicious actors to inject arbitrary con...

4.3

CVE-2024-3511

  • EPSS 0.04%
  • Veröffentlicht 23.06.2025 08:47:55
  • Zuletzt bearbeitet 06.10.2025 13:35:40

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploi...

6.1

CVE-2024-1440

  • EPSS 0.07%
  • Veröffentlicht 02.06.2025 16:51:16
  • Zuletzt bearbeitet 06.10.2025 13:48:42

An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects ...

5.2

CVE-2024-8008

  • EPSS 0.04%
  • Veröffentlicht 02.06.2025 16:48:12
  • Zuletzt bearbeitet 06.10.2025 13:51:36

A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially craft...

4.3

CVE-2024-3509

  • EPSS 0.04%
  • Veröffentlicht 02.06.2025 16:44:28
  • Zuletzt bearbeitet 06.10.2025 13:48:27

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor mu...

6.5

CVE-2024-7073

  • EPSS 0.08%
  • Veröffentlicht 02.06.2025 16:38:33
  • Zuletzt bearbeitet 06.10.2025 13:46:48

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal an...