Vulmon
wso2 vulnerabilities and exploits
9.8
CVSSv3
CVE-2024-6914
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account tak...
Wso2 Wso2 Api Manager
Wso2 Wso2 Governance Registry
Wso2 Wso2 Identity Server
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Iot
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Open Banking Km
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Carbon Identity Management
6.8
CVSSv3
CVE-2024-7074
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this v...
Wso2 Wso2 Enterprise Integrator
Wso2 Wso2 Api Manager
Wso2 Wso2 Enterprise Service Bus
Wso2 Wso2 Enterprise Mobility Manager
Wso2 Wso2 Micro Integrator
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Carbon Synapse Artifact Uploader Be
4.3
CVSSv3
CVE-2024-3509
A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich Text Editor within the registry section. To exploit this vulnerability, a malicious actor must have a valid user account w...
Wso2 Wso2 Enterprise Integrator
Wso2 Wso2 Api Manager
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Carbon Registry Resources Ui
4.2
CVSSv3
CVE-2024-7096
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are acces...
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Api Manager
Wso2 Wso2 Enterprise Mobility Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Open Banking Km
4.3
CVSSv3
CVE-2024-7097
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user account...
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Open Banking Km
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Api Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Enterprise Mobility Manager
5.2
CVSSv3
CVE-2024-8008
A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the r...
Wso2 Wso2 Enterprise Integrator
Wso2 Wso2 Api Manager
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Carbon Identity User Store Configuration Ui
7.5
CVSSv3
CVE-2023-6836
Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information.
Wso2 Wso2 Api Manager
Wso2 Wso2 Api Manager Analytics
Wso2 Wso2 Api Microgateway
Wso2 Wso2 Enterprise Integrator
Wso2 Wso2 Is As Key Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Micro Integrator
Wso2 Api Manager
Wso2 Api Manager Analytics 2.2.0
Wso2 Api Manager Analytics 2.5.0
Wso2 Api Microgateway 2.2.0
Wso2 Enterprise Integrator
4.8
CVSSv3
CVE-2023-6911
Multiple WSO2 products have been identified as vulnerable due to improper output encoding: a stored cross-site scripting (XSS) attack can be carried out by an attacker injecting a malicious payload into the Registry feature of the Management Console.
Wso2 Wso2 Api Manager
Wso2 Wso2 Api Manager Analytics
Wso2 Wso2 Api Microgateway
Wso2 Wso2 Data Analytics Server
Wso2 Wso2 Enterprise Integrator
Wso2 Wso2 Is As Key Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Identity Server Analytics
Wso2 Wso2 Message Broker
Wso2 Api Manager 2.2.0
Wso2 Api Manager 2.5.0
Wso2 Api Manager 2.6.0
5.4
CVSSv3
CVE-2024-1440
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlle...
Wso2 Wso2 Identity Server
Wso2 Wso2 Api Manager
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Open Banking Am
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Carbon Identity Application Authentication Endpoint(utils)
6.5
CVSSv3
CVE-2024-7073
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated malicious users to manipulate server-side requests, enabling access to internal and external resources ava...
Wso2 Wso2 Identity Server As Key Manager
Wso2 Wso2 Identity Server
Wso2 Wso2 Open Banking Km
Wso2 Wso2 Open Banking Iam
Wso2 Wso2 Carbon Policy Editor Be