CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.974 High
Percentile: 99.9%

WSO2 Carbon Services is vulnerable to arbitrary file upload. The vulnerability exists because file upload permissions and validations are not properly handled, which allows an attacker to upload arbitrary files.
packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html
www.openwall.com/lists/oss-security/2022/04/22/7
docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738
github.com/hakivvi/CVE-2022-29464
github.com/wso2-extensions/identity-carbon-auth-rest/pull/167
github.com/wso2/carbon-identity-framework/commit/d0ecf86fe7b25084bc4d053f2008ab6abc64520e
github.com/wso2/carbon-identity-framework/pull/3864
github.com/wso2/carbon-kernel/commit/13795df0a5b6a2206fd0338abfff057a7b99e1bb
github.com/wso2/carbon-kernel/pull/3152