Lucene search
K

4 matches found

NVD
NVD
added 2025/05/22 7:15 p.m.24 views

CVE-2024-6914

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/22 6:26 p.m.33 views

CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover

An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...

9.8CVSS0.00585EPSS
Exploits0References2
CVE
CVE
added 2025/05/22 6:26 p.m.74 views

CVE-2024-6914

Affected products. WSO2 products (notably API Manager, Identity Server and related Open Banking variants) are affected by CVE-2024-6914 due to a business logic flaw in the account recovery-related SOAP admin service. Vulnerability and root cause. An incorrect authorization flow in the account rec...

9.8CVSS9.4AI score0.00585EPSS
Exploits0References2Affected Software6
Circl
Circl
added 2024/12/30 5:0 a.m.15 views

CVE-2024-6914

creationtimestamp| type| source ---|---|--- 2024-12-30 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1740/ 2025-05-22 20:55:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpryt6jtjv27...

9.8CVSS9.3AI score0.00585EPSS
Exploits0References2
Rows per page
Query Builder