Description

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.

PUBLISHED Reserved 2024-07-24 | Published 2025-06-02 | Updated 2025-06-02 | Assigner WSO2

MEDIUM: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-918 Server-Side Request Forgery (SSRF)

Product status

Default status: unaffected
Any version before 5.3.0: unknown
5.3.0 (custom) before 5.3.0.37: affected
5.5.0 (custom) before 5.5.0.50: affected
5.6.0 (custom) before 5.6.0.71: affected
5.7.0 (custom) before 5.7.0.122: affected
5.9.0 (custom) before 5.9.0.165: affected
5.10.0 (custom) before 5.10.0.312: affected

Default status: unaffected
Any version before 5.2.0: unknown
5.2.0 (custom) before 5.2.0.32: affected
5.3.0 (custom) before 5.3.0.32: affected
5.4.0 (custom) before 5.4.0.31: affected
5.4.1 (custom) before 5.4.1.36: affected
5.5.0 (custom) before 5.5.0.49: affected
5.6.0 (custom) before 5.6.0.57: affected
5.7.0 (custom) before 5.7.0.123: affected
5.8.0 (custom) before 5.8.0.105: affected
5.9.0 (custom) before 5.9.0.156: affected
5.10.0 (custom) before 5.10.0.318: affected
5.11.0 (custom) before 5.11.0.364: affected
6.0.0 (custom) before 6.0.0.208: affected
6.1.0 (custom) before 6.1.0.187: affected
7.0.0 (custom) before 7.0.0.59: affected

Default status: unaffected
Any version before 1.3.0: unknown
1.3.0 (custom) before 1.3.0.114: affected
1.4.0 (custom) before 1.4.0.130: affected
1.5.0 (custom) before 1.5.0.120: affected

Default status: unaffected
Any version before 2.0.0: unknown
2.0.0 (custom) before 2.0.0.363: affected

Default status: unknown
5.2.2 (custom) before 5.2.2.14: affected
5.7.5 (custom) before 5.7.5.15: affected
5.10.86 (custom) before 5.10.86.5: affected
5.10.112 (custom) before 5.10.112.16: affected
5.11.148 (custom) before 5.11.148.15: affected
5.11.256 (custom) before 5.11.256.17: affected
5.12.153 (custom) before 5.12.153.59: affected
5.12.387 (custom) before 5.12.387.42: affected
5.14.97 (custom) before 5.14.97.76: affected
5.17.5 (custom) before 5.17.5.284: affected
5.18.187 (custom) before 5.18.187.268: affected
5.23.8 (custom) before 5.23.8.186: affected
5.25.92 (custom) before 5.25.92.95: affected
7.0.78 (custom) before 7.0.78.35: affected
7.4.3 (custom): unaffected

References

security.docs.wso2.com/...ity-advisories/2024/WSO2-2024-3562 vendor-advisory

cve.org (CVE-2024-7073)

nvd.nist.gov (CVE-2024-7073)