Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.WSO2_CVE-2022-29464.NBIN
HistoryApr 26, 2022 - 12:00 a.m.

WSO2 Multiple Products File Upload Remote Command Execution (CVE-2022-29464)

2022-04-2600:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
280
JSON

The remote web server is running a WSO2 product that is affected by a file upload remote command execution vulnerability due to improper validation of user input. A remote, unauthenticated attacker can leverage this by uploading a malicious jsp script to the web server resulting in remote command execution.

Note that Nessus tests for this vulnerability by sending a benign POST request to the vulnerable endpoint and analyzes the response to determine if the vulnerability is present or has been patched or mitigated.

Binary data wso2_CVE-2022-29464.nbin
VendorProductVersionCPE
wso2api_managercpe:/a:wso2:api_manager
wso2enterprise_integratorcpe:/a:wso2:enterprise_integrator
wso2identity_servercpe:/a:wso2:identity_server
wso2identity_server_analyticscpe:/a:wso2:identity_server_analytics
wso2identity_server_as_key_managercpe:/a:wso2:identity_server_as_key_manager

Related

githubexploit 29
cve 1
cisa_kev 1
thn 1
metasploit 1
nuclei 1
rapid7blog 3
osv 1
trendmicroblog 1
packetstorm 1
checkpoint_advisories 1
attackerkb 1
prion 1
veracode 1
zdt 1
wallarmlab 3
impervablog 1
ics 1
githubexploit
githubexploit
Exploit for Unrestricted Upload of File with Dangerous Type in Wso2 Identity Server Analytics
2022-04-30 04:30:51
Exploit for Path Traversal in Wso2 Identity Server Analytics
2022-05-07 03:00:08
Exploit for Path Traversal in Wso2 Identity Server Analytics
2022-06-22 20:58:33
cve
cve
CVE-2022-29464
2022-04-18 22:15:00
cisa_kev
cisa_kev
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
2022-04-25 00:00:00
thn
thn
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
2023-02-14 09:39:00
metasploit
metasploit
WSO2 Arbitrary File Upload to RCE
2022-04-26 19:29:12
nuclei
nuclei
WSO2 Management - Arbitrary File Upload & Remote Code Execution
2022-04-21 07:02:42
rapid7blog
rapid7blog
Opportunistic Exploitation of WSO2 CVE-2022-29464
2022-04-22 21:03:27
Metasploit Wrap-Up
2022-05-06 17:56:15
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
2022-05-09 17:57:00
osv
osv
CVE-2022-29464
2022-04-18 22:15:09
trendmicroblog
trendmicroblog
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
2022-05-31 00:00:00
packetstorm
packetstorm
WSO Arbitrary File Upload / Remote Code Execution
2022-05-02 00:00:00
checkpoint_advisories
checkpoint_advisories
WSO2 Multiple Products Remote Code Execution (CVE-2022-29464)
2022-05-03 00:00:00
attackerkb
attackerkb
CVE-2022-29464
2022-04-22 00:00:00
prion
prion
Unrestricted file upload
2022-04-18 22:15:00
veracode
veracode
Arbitrary File Upload
2022-05-09 06:11:14
zdt
zdt
WSO Arbitrary File Upload / Remote Code Execution Exploit
2022-05-03 00:00:00
wallarmlab
wallarmlab
Evolution of API Security – A Practical Guide to Addressing API Threats in 2023
2022-10-26 15:32:16
10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm
2022-07-13 17:47:59
API Vulnerabilities Jump Up 3.7x in Q2-2022
2022-07-28 07:38:27
impervablog
impervablog
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
2024-01-31 14:03:45
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00
JSON
Related for WSO2_CVE-2022-29464.NBIN
githubexploit29cve1cisa_kev1thn1metasploit1nuclei1rapid7blog3osv1trendmicroblog1packetstorm1checkpoint_advisories1attackerkb1prion1veracode1zdt1wallarmlab3impervablog1ics1