CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1440

An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.7%

CVSS Severity

CVSS v3 Score 5.4

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/

Products affected by CVE-2024-1440

Wso2 » Api Manager » Version: 3.1.0

cpe:2.3:a:wso2:api_manager:3.1.0
Wso2 » Api Manager » Version: 3.2.0

cpe:2.3:a:wso2:api_manager:3.2.0
Wso2 » Api Manager » Version: 4.0.0

cpe:2.3:a:wso2:api_manager:4.0.0
Wso2 » Identity Server » Version: 5.10.0

cpe:2.3:a:wso2:identity_server:5.10.0
Wso2 » Identity Server » Version: 5.11.0

cpe:2.3:a:wso2:identity_server:5.11.0
Wso2 » Identity Server » Version: 6.0.0

cpe:2.3:a:wso2:identity_server:6.0.0
Wso2 » Identity Server » Version: 6.1.0

cpe:2.3:a:wso2:identity_server:6.1.0
Wso2 » Identity Server » Version: 7.0.0

cpe:2.3:a:wso2:identity_server:7.0.0
Wso2 » Identity Server As Key Manager » Version: 5.10.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-1440

Products

Pricing

Contact Us