Wso2

Identity Server As Key Manager

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2024-3509

  • EPSS 0.1%
  • Veröffentlicht 02.06.2025 16:44:28
  • Zuletzt bearbeitet 06.10.2025 13:48:27

A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor mu...

6.5

CVE-2024-7073

  • EPSS 0.22%
  • Veröffentlicht 02.06.2025 16:38:33
  • Zuletzt bearbeitet 06.10.2025 13:46:48

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal an...

4.3

CVE-2024-7097

  • EPSS 25.17%
  • Veröffentlicht 30.05.2025 15:04:09
  • Zuletzt bearbeitet 06.10.2025 13:51:05

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious act...

5.4

CVE-2024-7096

  • EPSS 0.2%
  • Veröffentlicht 30.05.2025 14:54:32
  • Zuletzt bearbeitet 03.12.2025 08:15:47

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP ...

9.8

CVE-2024-6914

  • EPSS 0.55%
  • Veröffentlicht 22.05.2025 18:26:15
  • Zuletzt bearbeitet 06.10.2025 13:56:53

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, lea...

4.8

CVE-2023-6911

  • EPSS 0.35%
  • Veröffentlicht 18.12.2023 09:15:05
  • Zuletzt bearbeitet 21.11.2024 08:44:49

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console....

6.1

CVE-2023-6838

  • EPSS 0.59%
  • Veröffentlicht 15.12.2023 10:15:10
  • Zuletzt bearbeitet 21.11.2024 08:44:39

Reflected XSS vulnerability can be exploited by tampering a request parameter in Authentication Endpoint. This can be performed in both authenticated and unauthenticated requests.

8.2

CVE-2023-6837

  • EPSS 0.32%
  • Veröffentlicht 15.12.2023 10:15:09
  • Zuletzt bearbeitet 05.06.2025 09:15:21

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. In order for this vulnerability to have any impact on your deployment, following conditions must be met: * An IDP configured for feder...

7.5

CVE-2023-6836

  • EPSS 0.17%
  • Veröffentlicht 15.12.2023 10:15:09
  • Zuletzt bearbeitet 21.11.2024 08:44:38

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information.

9.1

CVE-2021-42646

  • EPSS 1.34%
  • Veröffentlicht 11.05.2022 18:15:23
  • Zuletzt bearbeitet 21.11.2024 06:27:54

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Se...