36 matches found

Spring Engineering
added 2026/01/13 12:0 a.m., 4 views

This Week in Spring - January 13th, 2026

Hi, Spring fans, and welcome to another installment of This Week in Spring! It's the 13th of January, 2026, and it's been quite the week indeed! Let's dive right into it! Nobody, and I mean nobody, asked. So I put together a video on how to use Spring WS to build SOAP-based services in 2026. Hey...

6.8 AI score
Exploits: 0

RedhatCVE
added 2025/11/19 12:20 p.m., 9 views

CVE-2025-9312

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 7.3 AI score, 0.00046 EPSS
Exploits: 0, References: 1

NVD
added 2025/11/18 3:16 p.m., 2 views

CVE-2025-9312

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 1

OSV
added 2025/11/18 3:16 p.m., 11 views

CVE-2025-9312

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 1

EUVD
added 2025/11/18 12:5 p.m., 2 views

EUVD-2025-197988

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 6.8 AI score, 0.00046 EPSS
Exploits: 0, References: 2

CVE
added 2025/11/18 12:5 p.m., 13 views

CVE-2025-9312

CVE-2025-9312 relates to a missing authentication enforcement in WSO2 products’ mTLS implementation used by System REST APIs and SOAP services. The root cause is improper validation of client certificate–based authentication under certain default configurations, allowing unauthenticated requests ...

9.8 CVSS, 7 AI score, 0.00046 EPSS
Exploits: 0, References: 1, Affected Software: 9

Cvelist
added 2025/11/18 12:5 p.m., 5 views

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 0.00046 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/11/18 12:5 p.m., 3 views

CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

9.8 CVSS, 7 AI score, 0.00046 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/11/18 12:0 a.m., 1 views

PT-2025-47304

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: A missing authentication enforcement issue exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services. Improper validation of client certificate–based...

9.8 CVSS, 6.8 AI score, 0.00046 EPSS
Exploits: 0, References: 9

RedhatCVE
added 2025/11/07 1:46 p.m., 1 views

CVE-2025-10907

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the...

8.4 CVSS, 8.2 AI score, 0.0052 EPSS
Exploits: 0, References: 1

EUVD
added 2025/11/05 6:3 p.m., 1 views

EUVD-2025-37942

An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative privileges can upload a specially crafted file to a user-controlled location within the...

8.4 CVSS, 7.7 AI score, 0.0052 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/11/05 12:0 a.m., 2 views

PT-2025-45145

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An arbitrary file upload issue exists due to inadequate validation of uploaded content and destination within SOAP admin services. An attacker with administrative privileges can upload ...

8.4 CVSS, 7.7 AI score, 0.0052 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/10/17 12:45 p.m., 6 views

CVE-2025-9955

An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...

5.7 CVSS, 6.5 AI score, 0.0002 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/10/16 12:33 p.m., 5 views

CVE-2025-9804 Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs

An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level...

9.6 CVSS, 0.00032 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-5771

Malicious code in bioql PyPI...

5.8 CVSS, 8.7 AI score, 0.01785 EPSS
Exploits: 0, References: 52

RedhatCVE
added 2025/06/04 5:14 p.m., 10 views

CVE-2024-7074

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an...

6.8 CVSS, 8.2 AI score, 0.03465 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/06/01 3:36 p.m., 5 views

CVE-2024-7096

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: SOAP admin services are accessible to the attacker. The...

5.4 CVSS, 6.8 AI score, 0.00199 EPSS
Exploits: 0, References: 1

OSV
added 2022/05/13 1:9 a.m., 22 views

GHSA-XF9F-32GH-H2W4 Improper Authentication in Apache CXF

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

5.8 CVSS, 9.2 AI score, 0.01785 EPSS
Exploits: 0, References: 38

Github Security Blog
added 2022/05/13 1:9 a.m., 28 views

Improper Authentication in Apache CXF

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...

5.8 CVSS, 5.9 AI score, 0.01785 EPSS
Exploits: 0, References: 38, Affected Software: 1

0day.today
added 2020/04/24 12:0 a.m., 43 views

QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control Vulnerability

QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities. Cross-Site Request Forgery & weak access control in QRadar ConfigServices webservice...

0.5 AI score
Exploits: 0