Lucene search
K
Wso2Open Banking Km

8 matches found

CVE
CVE
added 2022/04/18 12:0 a.m.1841 views

CVE-2022-29464

CVE-2022-29464 is an unauthenticated, pre-auth arbitrary file upload in WSO2 products that enables remote code execution via a crafted POST to /fileupload. The vulnerability arises from directory traversal during upload, allowing JSPs to be placed under the webroot (e.g., repository/deployment/se...

10CVSS9.6AI score0.99999EPSS
In wild
CVE
CVE
added 2025/05/30 3:4 p.m.167 views

CVE-2024-7097

WSO2 products are affected by an improper authorization vulnerability in the SOAP admin service that allows unauthenticated account creation regardless of self-registration configuration. Attackers can create arbitrary user accounts (potentially many), leading to unauthorized access and possible ...

4.3CVSS6.4AI score0.00606EPSS
In wild
CVE
CVE
added 2025/06/02 4:38 p.m.87 views

CVE-2024-7073

CVE-2024-7073 describes a server-side request forgery (SSRF) in multiple WSO2 products caused by improper input validation in the SOAP admin/management services. The vulnerability allows unauthenticated attackers to trigger server-side requests to internal or external resources reachable by the a...

6.5CVSS6.5AI score0.00187EPSS
CVE
CVE
added 2025/05/30 2:54 p.m.81 views

CVE-2024-7096

Summary: CVE-2024-7096 describes a privilege-escalation flaw in multiple WSO2 products arising from a business-logic weakness in SOAP admin services. An attacker can create a new user with elevated permissions when SOAP admin services are accessible, the deployment uses an internal attribute not ...

5.4CVSS6.4AI score0.00594EPSS
CVE
CVE
added 2025/05/22 6:26 p.m.74 views

CVE-2024-6914

Affected products. WSO2 products (notably API Manager, Identity Server and related Open Banking variants) are affected by CVE-2024-6914 due to a business logic flaw in the account recovery-related SOAP admin service. Vulnerability and root cause. An incorrect authorization flow in the account rec...

9.8CVSS9.4AI score0.00585EPSS
CVE
CVE
added 2025/10/16 12:9 p.m.26 views

CVE-2025-10611

CVE-2025-10611 describes an insufficient access-control implementation across multiple WSO2 Products, allowing bypass of authentication and authorization checks on certain REST APIs. This could let an unauthenticated actor invoke APIs and perform unauthenticated/unauthorized administrative operat...

9.8CVSS6.7AI score0.00774EPSS
CVE
CVE
added 2025/11/18 12:5 p.m.24 views

CVE-2025-9312

CVE-2025-9312 relates to a missing authentication enforcement in WSO2 products’ mTLS implementation used by System REST APIs and SOAP services. The root cause is improper validation of client certificate–based authentication under certain default configurations, allowing unauthenticated requests ...

9.8CVSS7AI score0.00222EPSS
CVE
CVE
added 2025/10/16 12:33 p.m.24 views

CVE-2025-9804

The CVE-2025-9804 entry concerns multiple WSO2 products (e.g., API Manager family) with an improper access-control flaw due to insufficient permission enforcement in internal SOAP Admin Services and System REST APIs. The root cause is limited access-control checks on internal interfaces, allowing...

9.6CVSS6.5AI score0.00521EPSS