CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7097

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.087

EPSS Ranking 92.1%

CVSS Severity

CVSS v3 Score 4.3

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/

Products affected by CVE-2024-7097

Wso2 » Api Manager » Version: 2.1.0

cpe:2.3:a:wso2:api_manager:2.1.0
Wso2 » Api Manager » Version: 2.2.0

cpe:2.3:a:wso2:api_manager:2.2.0
Wso2 » Api Manager » Version: 2.5.0

cpe:2.3:a:wso2:api_manager:2.5.0
Wso2 » Api Manager » Version: 2.6.0

cpe:2.3:a:wso2:api_manager:2.6.0
Wso2 » Api Manager » Version: 3.0.0

cpe:2.3:a:wso2:api_manager:3.0.0
Wso2 » Api Manager » Version: 3.1.0

cpe:2.3:a:wso2:api_manager:3.1.0
Wso2 » Api Manager » Version: 3.2.0

cpe:2.3:a:wso2:api_manager:3.2.0
Wso2 » Api Manager » Version: 3.2.1

cpe:2.3:a:wso2:api_manager:3.2.1
Wso2 » Api Manager » Version: 4.0.0

cpe:2.3:a:wso2:api_manager:4.0.0
Wso2 » Api Manager » Version: 4.1.0

cpe:2.3:a:wso2:api_manager:4.1.0
Wso2 » Api Manager » Version: 4.2.0

cpe:2.3:a:wso2:api_manager:4.2.0
Wso2 » Api Manager » Version: 4.3.0

cpe:2.3:a:wso2:api_manager:4.3.0
Wso2 » Identity Server » Version: 5.10.0

cpe:2.3:a:wso2:identity_server:5.10.0
Wso2 » Identity Server » Version: 5.11.0

cpe:2.3:a:wso2:identity_server:5.11.0
Wso2 » Identity Server » Version: 5.2.0

cpe:2.3:a:wso2:identity_server:5.2.0
Wso2 » Identity Server » Version: 5.3.0

cpe:2.3:a:wso2:identity_server:5.3.0
Wso2 » Identity Server » Version: 5.4.0

cpe:2.3:a:wso2:identity_server:5.4.0
Wso2 » Identity Server » Version: 5.4.1

cpe:2.3:a:wso2:identity_server:5.4.1
Wso2 » Identity Server » Version: 5.5.0

cpe:2.3:a:wso2:identity_server:5.5.0
Wso2 » Identity Server » Version: 5.6.0

cpe:2.3:a:wso2:identity_server:5.6.0
Wso2 » Identity Server » Version: 5.7.0

cpe:2.3:a:wso2:identity_server:5.7.0
Wso2 » Identity Server » Version: 5.8.0

cpe:2.3:a:wso2:identity_server:5.8.0
Wso2 » Identity Server » Version: 5.9.0

cpe:2.3:a:wso2:identity_server:5.9.0
Wso2 » Identity Server » Version: 6.0.0

cpe:2.3:a:wso2:identity_server:6.0.0
Wso2 » Identity Server » Version: 6.1.0

cpe:2.3:a:wso2:identity_server:6.1.0
Wso2 » Identity Server » Version: 7.0.0

cpe:2.3:a:wso2:identity_server:7.0.0
Wso2 » Identity Server As Key Manager » Version: 5.10.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0
Wso2 » Identity Server As Key Manager » Version: 5.3.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0
Wso2 » Identity Server As Key Manager » Version: 5.5.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0
Wso2 » Identity Server As Key Manager » Version: 5.6.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0
Wso2 » Identity Server As Key Manager » Version: 5.7.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0
Wso2 » Identity Server As Key Manager » Version: 5.9.0

cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0
Wso2 » Open Banking Am » Version: 2.0.0

cpe:2.3:a:wso2:open_banking_am:2.0.0
Wso2 » Open Banking Iam » Version: 2.0.0

cpe:2.3:a:wso2:open_banking_iam:2.0.0
Wso2 » Open Banking Km » Version: 1.3.0

cpe:2.3:a:wso2:open_banking_km:1.3.0
Wso2 » Open Banking Km » Version: 1.4.0

cpe:2.3:a:wso2:open_banking_km:1.4.0
Wso2 » Open Banking Km » Version: 1.5.0

cpe:2.3:a:wso2:open_banking_km:1.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7097

Products

Pricing

Contact Us