#VU62638 Arbitrary file upload in WSO2 Inc. Server applications
Vulnerability identifier: #VU62638
Vulnerability risk: Critical
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-434
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
WSO2 API Manager
Web applications /
Other software
WSO2 Identity Server Analytics
Web applications /
Other software
WSO2 Identity Server
Server applications /
Directory software, identity management
WSO2 Identity Server as Key Manager
Server applications /
Other server solutions
WSO2 Enterprise Integrator
Server applications /
Other server solutions
Open Banking AM
Server applications /
Other server solutions
Open Banking KM
Server applications /
Other server solutions
Vendor: WSO2 Inc.
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload at the /fileupload endpoint. A remote non-authenticated attacker can upload a malicious file with a Content-Disposition directory traversal sequence to place it under the webroot directory and execute it on the server.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
WSO2 API Manager: 2.2.0 - 4.0.0
WSO2 Identity Server: 5.2.0 - 5.11.0
WSO2 Identity Server Analytics: 5.4.0 - 5.6.0
WSO2 Identity Server as Key Manager: 5.3.0 - 5.10.0
WSO2 Enterprise Integrator: 6.2.0 - 6.6.0
Open Banking AM: 1.3.0 - 2.0.0
Open Banking KM: 1.3.0 - 1.5.0
External links
http://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738
http://www.openwall.com/lists/oss-security/2022/04/22/7
http://github.com/hakivvi/CVE-2022-29464
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
