CVE-2024-7097

Опубликовано: 30 мая 2025

Источник: nvd

CVSS3: 4.3

EPSS Средний

Описание

Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

Ссылки

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:wso2:api_manager:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.2.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:6.1.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_km:1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_km:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:wso2:open_banking_km:1.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.13504

Средний

4.3 Medium

CVSS3

Дефекты

CWE-863

Связанные уязвимости

GHSA-2vx2-pv2m-vwrq

CVSS3: 4.3

github

8 месяцев назад

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

EPSS

Процентиль: 94%

0.13504

Средний

4.3 Medium

CVSS3

Дефекты

CWE-863