Description
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.
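The description attributes the flaw to improper input validation in the SOAP admin services, that is, a caller-supplied URL that the server then fetches (CWE-918). What follows is an added example, not code from WSO2 or from the advisory, of the validation a practitioner would put in front of any such server-side fetch: a scheme allowlist, a host allowlist, and a check of every address the host resolves to, so that an allowlisted name carrying an internal A record is refused rather than fetched. ALLOWED_HOSTS, CONSTRUCTED_DNS, fake_getaddrinfo and check_url are hypothetical names and constructed data introduced here so the example runs offline; the record does not say whether WSO2's fix takes this shape.

```python
"""
Outbound-URL validation of the kind CWE-918 calls for: scheme allowlist,
host allowlist, then a check on every address the host resolves to.
Added example, not WSO2 code. Names and resolver data below are constructed.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Hypothetical allowlist of hosts a server-side fetch is permitted to contact.
ALLOWED_HOSTS = {"api.example.com", "partner.example.org"}

# Constructed DNS records so the example runs offline. 93.184.216.x stand in
# for public addresses; 10.0.0.5 and 169.254.169.254 are internal targets.
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "partner.example.org": ["93.184.216.35", "10.0.0.5"],
    "metadata.internal": ["169.254.169.254"],
}


def fake_getaddrinfo(host, port, family=0, type=0, proto=0, flags=0):
    """Drop-in for socket.getaddrinfo backed by CONSTRUCTED_DNS."""
    try:
        ipaddress.ip_address(host)      # IP literal: resolves to itself
        ips = [host]
    except ValueError:
        ips = CONSTRUCTED_DNS.get(host)
        if ips is None:
            raise socket.gaierror(-2, f"no record for {host}")
    return [(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP, "", (ip, port))
            for ip in ips]


def is_disallowed_address(addr):
    """True for anything that is not a public unicast address: RFC 1918,
    loopback, link-local (cloud metadata 169.254.169.254), CGNAT, unique-local
    IPv6, reserved, unspecified and multicast ranges are all refused."""
    ip = ipaddress.ip_address(addr)
    return (not ip.is_global) or ip.is_multicast


def validate_outbound_url(url, allowed_hosts, resolver=socket.getaddrinfo):
    """Return (True, 'ip1,ip2') when the URL may be fetched, else (False, reason).
    Connect to a returned address instead of resolving again, or a rebinding
    DNS record can pass this check and then point at an internal host."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {scheme or '(none)'}"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL not allowed"   # https://good@evil/ trick
    host = parts.hostname                              # already lower-cased
    if not host:
        return False, "missing host"
    try:
        port = parts.port or (443 if scheme == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if host.rstrip(".") not in allowed_hosts:
        return False, f"host not in allowlist: {host}"
    try:
        infos = resolver(host, port, proto=socket.IPPROTO_TCP)
    except socket.gaierror as exc:
        return False, f"resolution failed: {exc}"
    addrs = sorted({info[4][0] for info in infos})
    # Every address counts: a name with one public and one internal record is
    # refused outright, not quietly connected to the "good" one.
    for addr in addrs:
        if is_disallowed_address(addr):
            return False, f"{host} resolves to disallowed address {addr}"
    return True, ",".join(addrs)


def check_url(url):
    """Validate against the hypothetical allowlist using the constructed resolver."""
    return validate_outbound_url(url, ALLOWED_HOSTS, resolver=fake_getaddrinfo)


if __name__ == "__main__":
    for u in ["https://api.example.com/v1/data",
              "http://169.254.169.254/latest/meta-data/",
              "https://api.example.com@metadata.internal/",
              "https://partner.example.org/",
              "file:///etc/passwd"]:
        print(u, "->", check_url(u))
```

The host allowlist is the control; the resolved-address check is defence in depth against an allowlisted name that points inward, and the function returns the vetted addresses so the caller can connect to one of them rather than resolve the name a second time.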
Reserved 2024-07-24 | Published 2025-06-02 | Updated 2025-06-02 | Assigner: WSO2
Severity: MEDIUM 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Problem types
CWE-918 Server-Side Request Forgery (SSRF)
Product status
Default status: unaffected
Any version before 5.3.0: unknown
5.3.0 before 5.3.0.37: affected
5.5.0 before 5.5.0.50: affected
5.6.0 before 5.6.0.71: affected
5.7.0 before 5.7.0.122: affected
5.9.0 before 5.9.0.165: affected
5.10.0 before 5.10.0.312: affected

Default status: unaffected
Any version before 5.2.0: unknown
5.2.0 before 5.2.0.32: affected
5.3.0 before 5.3.0.32: affected
5.4.0 before 5.4.0.31: affected
5.4.1 before 5.4.1.36: affected
5.5.0 before 5.5.0.49: affected
5.6.0 before 5.6.0.57: affected
5.7.0 before 5.7.0.123: affected
5.8.0 before 5.8.0.105: affected
5.9.0 before 5.9.0.156: affected
5.10.0 before 5.10.0.318: affected
5.11.0 before 5.11.0.364: affected
6.0.0 before 6.0.0.208: affected
6.1.0 before 6.1.0.187: affected
7.0.0 before 7.0.0.59: affected

Default status: unaffected
Any version before 1.3.0: unknown
1.3.0 before 1.3.0.114: affected
1.4.0 before 1.4.0.130: affected
1.5.0 before 1.5.0.120: affected

Default status: unaffected
Any version before 2.0.0: unknown
2.0.0 before 2.0.0.363: affected

Default status: unknown
5.2.2 before 5.2.2.14: affected
5.7.5 before 5.7.5.15: affected
5.10.86 before 5.10.86.5: affected
5.10.112 before 5.10.112.16: affected
5.11.148 before 5.11.148.15: affected
5.11.256 before 5.11.256.17: affected
5.12.153 before 5.12.153.59: affected
5.12.387 before 5.12.387.42: affected
5.14.97 before 5.14.97.76: affected
5.17.5 before 5.17.5.284: affected
5.18.187 before 5.18.187.268: affected
5.23.8 before 5.23.8.186: affected
5.25.92 before 5.25.92.95: affected
7.0.78 before 7.0.78.35: affected
7.4.3: unaffected
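The version entries above use WSO2's four-component scheme, where the fourth component is the update level: "5.3.0 before 5.3.0.37" covers 5.3.0 at update levels 0 through 36, and 5.3.0.37 is the first unaffected level. As an added example, not part of the record or of WSO2's tooling, the checker below parses a product block in the layout the record uses (one range and its status per line, or the alternating range-line / status-line form of the raw record) and reports the status of an installed version, honouring "Any version before X", the block's default for unlisted versions, and a bare exact version such as "7.4.3". It embeds the first product block above; the product names are not present in this extract, so match the block to your product with the vendor advisory before trusting the answer.

```python
"""
Check an installed version against the range / status entries in this record.
Added example, not WSO2 code. PRODUCT_BLOCK_1 is the first product block of
the record copied as-is; the product name is not captured in this extract.
"""
from typing import List, Optional, Tuple

Version = Tuple[int, ...]
Rule = Tuple[Optional[Version], Version, str]   # (lower incl. or None, upper excl., status)
Table = Tuple[str, List[Rule]]                  # (default status, rules in page order)

PRODUCT_BLOCK_1 = """\
Default status: unaffected
Any version before 5.3.0: unknown
5.3.0 before 5.3.0.37: affected
5.5.0 before 5.5.0.50: affected
5.6.0 before 5.6.0.71: affected
5.7.0 before 5.7.0.122: affected
5.9.0 before 5.9.0.165: affected
5.10.0 before 5.10.0.312: affected
"""


def parse_version(text: str) -> Version:
    """'5.10.0.312' -> (5, 10, 0, 312). WSO2's fourth component is the update
    level; tuple comparison orders 5.10.0 below 5.10.0.1 as required."""
    return tuple(int(part) for part in text.strip().split("."))


def _pairs(text: str) -> List[Tuple[str, str]]:
    """Yield (range, status) pairs from 'range: status' lines or from the raw
    record's alternating range-line / status-line layout."""
    pairs, pending = [], None
    for ln in (l.strip() for l in text.splitlines() if l.strip()):
        if ": " in ln:
            key, status = ln.split(": ", 1)
            pairs.append((key.strip(), status.strip()))
        elif pending is None:
            pending = ln
        else:
            pairs.append((pending, ln))
            pending = None
    if pending is not None:
        raise ValueError(f"range line without a status: {pending!r}")
    return pairs


def parse_status_table(text: str) -> Table:
    """Accepts 'Default status', 'Any version before X', 'X before Y' and a
    bare version such as '7.4.3' (exact match, encoded as lower == upper)."""
    default, rules = "unknown", []
    for key, status in _pairs(text):
        if key == "Default status":
            default = status
        elif key.startswith("Any version before "):
            rules.append((None, parse_version(key[len("Any version before "):]), status))
        elif " before " in key:
            lo, hi = key.split(" before ", 1)
            rules.append((parse_version(lo), parse_version(hi), status))
        else:
            exact = parse_version(key)
            rules.append((exact, exact, status))
    return default, rules


def status_for(version_text: str, table: Table) -> str:
    """First matching rule wins (page order); otherwise the block's default."""
    default, rules = table
    v = parse_version(version_text)
    for lo, hi, status in rules:
        if lo is not None and lo == hi:        # exact-version entry
            if v == lo:
                return status
        elif (lo is None or lo <= v) and v < hi:
            return status
    return default


BLOCK_1 = parse_status_table(PRODUCT_BLOCK_1)

if __name__ == "__main__":
    for v in ["5.2.5", "5.3.0", "5.3.0.36", "5.3.0.37", "5.10.0.100", "5.11.0"]:
        print(v, "->", status_for(v, BLOCK_1))
```

Paste any other block from the record into parse_status_table in the same way. Note that the checker reproduces the record's semantics exactly, including "unaffected" for versions a block does not list (5.4.0 in the first block, for instance), so a version outside every listed range is only as safe as the record's default claims.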
References
security.docs.wso2.com/...ity-advisories/2024/WSO2-2024-3562 vendor-advisory
cve.org (CVE-2024-7073)
nvd.nist.gov (CVE-2024-7073)