#VU102298 Exposed dangerous method or function in WSO2 Inc. products - CVE-2024-6914
Published: January 6, 2025
Vulnerability identifier: #VU102298
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2024-6914
CWE-ID: CWE-749
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
WSO2 API Manager
WSO2 Identity Server
WSO2 Identity Server as Key Manager
WSO2 Open Banking AM
WSO2 Open Banking IAM
WSO2 Open Banking KM
Software vendor:
WSO2 Inc.
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists because a dangerous function is exposed within the implementation of the user self-registration process. A remote attacker can bypass the authentication process and gain unauthorized access to the application.
Remediation
Install updates from the vendor's website.