Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:2E72D5AA-2DCA-4B08-BD6A-1D96B2001082
HistoryApr 22, 2022 - 12:00 a.m.

CVE-2022-29464

2022-04-2200:00:00
attackerkb.com
84

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.

Recent assessments:

jbaines-r7 at April 22, 2022 9:14pm UTC reported:

This is a very easy to exploit issue. See the Rapid7 analysis for details.

jheysel-r7 at October 06, 2022 6:13pm UTC reported:

This is a very easy to exploit issue. See the Rapid7 analysis for details.

Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5

Related

githubexploit 29
nuclei 1
cve 1
metasploit 1
cisa_kev 1
thn 1
trendmicroblog 1
nessus 1
rapid7blog 3
packetstorm 1
osv 1
prion 1
veracode 1
zdt 1
checkpoint_advisories 1
wallarmlab 3
impervablog 1
ics 1
githubexploit
githubexploit
Exploit for Path Traversal in Wso2 Identity Server Analytics
2022-05-26 20:19:53
Exploit for Path Traversal in Wso2 Identity Server Analytics
2022-04-22 21:23:57
Exploit for Path Traversal in Wso2 Identity Server Analytics
2022-04-29 08:24:17
nuclei
nuclei
WSO2 Management - Arbitrary File Upload & Remote Code Execution
2022-04-21 07:02:42
cve
cve
CVE-2022-29464
2022-04-18 22:15:00
metasploit
metasploit
WSO2 Arbitrary File Upload to RCE
2022-04-26 19:29:12
cisa_kev
cisa_kev
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
2022-04-25 00:00:00
thn
thn
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
2023-02-14 09:39:00
trendmicroblog
trendmicroblog
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
2022-05-31 00:00:00
nessus
nessus
WSO2 Multiple Products File Upload Remote Command Execution (CVE-2022-29464)
2022-04-26 00:00:00
rapid7blog
rapid7blog
Opportunistic Exploitation of WSO2 CVE-2022-29464
2022-04-22 21:03:27
Metasploit Wrap-Up
2022-05-06 17:56:15
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
2022-05-09 17:57:00
packetstorm
packetstorm
WSO Arbitrary File Upload / Remote Code Execution
2022-05-02 00:00:00
osv
osv
CVE-2022-29464
2022-04-18 22:15:09
prion
prion
Unrestricted file upload
2022-04-18 22:15:00
veracode
veracode
Arbitrary File Upload
2022-05-09 06:11:14
zdt
zdt
WSO Arbitrary File Upload / Remote Code Execution Exploit
2022-05-03 00:00:00
checkpoint_advisories
checkpoint_advisories
WSO2 Multiple Products Remote Code Execution (CVE-2022-29464)
2022-05-03 00:00:00
wallarmlab
wallarmlab
Evolution of API Security – A Practical Guide to Addressing API Threats in 2023
2022-10-26 15:32:16
10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm
2022-07-13 17:47:59
API Vulnerabilities Jump Up 3.7x in Q2-2022
2022-07-28 07:38:27
impervablog
impervablog
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
2024-01-31 14:03:45
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for AKB:2E72D5AA-2DCA-4B08-BD6A-1D96B2001082
githubexploit29nuclei1cve1metasploit1cisa_kev1thn1trendmicroblog1nessus1rapid7blog3packetstorm1osv1prion1veracode1zdt1checkpoint_advisories1wallarmlab3impervablog1ics1