GoogleOSV:GHSA-W7RX-824V-RGX5WSO2 API Manager allows attackers to change the API rating
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
References
github.com/wso2/carbon-apimgt
github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762
github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902ba
nvd.nist.gov/vuln/detail/CVE-2023-6835
security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.4 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%