4 matches found
CVE-2024-6914
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...
CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including...
CVE-2024-6914
Affected products. WSO2 products (notably API Manager, Identity Server and related Open Banking variants) are affected by CVE-2024-6914 due to a business logic flaw in the account recovery-related SOAP admin service. Vulnerability and root cause. An incorrect authorization flow in the account rec...
CVE-2024-6914
creationtimestamp| type| source ---|---|--- 2024-12-30 05:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-24-1740/ 2025-05-22 20:55:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpryt6jtjv27...