Vulnerabilities in WSO2

63 results
| CVE | Severity | Description | EPSS |
| --- | --- | --- | --- |
| CVE-2024-7074 | MEDIUM | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | 9.8% |
| CVE-2025-2905 | CRITICAL | An XML External Entity (XXE) vulnerability in Multiple WSO2 Products | 1.1% |
| CVE-2025-5605 | MEDIUM | Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure | 0.8% |
| CVE-2025-10611 | CRITICAL | Potential Broken Access Control in Multiple WSO2 Products via System REST APIs | 0.8% |
| CVE-2025-3125 | MEDIUM | Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution | 0.7% |
| CVE-2025-9152 | CRITICAL | Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint | 0.7% |
| CVE-2025-13590 | CRITICAL | Authenticated arbitrary file upload via a System REST API requiring administrator permission. | 0.7% |
| CVE-2022-4520 | LOW | WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting | 0.7% |
| CVE-2025-5717 | MEDIUM | Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service | 0.6% |
| CVE-2025-12107 | HIGH | Potential authenticated Server-Side Template Injection (SSTI) vulnerability. | 0.6% |
| CVE-2024-7096 | MEDIUM | Privilege Escalation in Multiple WSO2 Products via SOAP Admin Service Due to Business Logic Flaw | 0.6% |
| CVE-2025-5350 | MEDIUM | SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products | 0.6% |
| CVE-2022-4521 | LOW | WSO2 carbon-registry Request Parameter cross site scripting | 0.6% |
| CVE-2024-6914 | CRITICAL | Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover | 0.6% |
| CVE-2024-7097 | MEDIUM | Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | 0.5% |
| CVE-2023-6839 | MEDIUM | Due to improper error handling, a REST API resource could expose a server side error containing an internal WSO2 specific package name in th | 0.5% |
| CVE-2023-6835 | MEDIUM | Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could | 0.5% |
| CVE-2025-10907 | HIGH | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution | 0.5% |
| CVE-2025-9804 | CRITICAL | Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs | 0.5% |
| CVE-2025-1862 | MEDIUM | Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution | 0.5% |