CVE-2024-7096 | THREATINT

Description

A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are accessible to the attacker. * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration. * At least one custom role exists with non-default permissions. * The attacker has knowledge of the custom role and the internal attribute used in the deployment. Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.

PUBLISHED Reserved 2024-07-25 | Published 2025-05-30 | Updated 2025-12-03 | Assigner WSO2

MEDIUM: 4.2CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status

unaffected

Any version before 2.0.0

unknown

2.0.0 (custom) before 2.0.0.364

affected

Default status

unaffected

Any version before 1.3.0

unknown

1.3.0 (custom) before 1.3.0.131

affected

1.4.0 (custom) before 1.4.0.134

affected

1.5.0 (custom) before 1.5.0.136

affected

2.0.0 (custom) before 2.0.0.343

affected

Default status

unaffected

Any version before 2.0.0

unknown

2.0.0 (custom) before 2.0.0.29

affected

2.1.0 (custom) before 2.1.0.39

affected

2.2.0 (custom) before 2.2.0.56

affected

2.5.0 (custom) before 2.5.0.83

affected

2.6.0 (custom) before 2.6.0.142

affected

3.0.0 (custom) before 3.0.0.162

affected

3.1.0 (custom) before 3.1.0.294

affected

3.2.0 (custom) before 3.2.0.384

affected

3.2.1 (custom) before 3.2.1.16

affected

4.0.0 (custom) before 4.0.0.305

affected

4.1.0 (custom) before 4.1.0.166

affected

4.2.0 (custom) before 4.2.0.101

affected

4.3.0 (custom) before 4.3.0.16

affected

Default status

unknown

2.2.0 (custom) before 2.2.0.26

affected

Default status

unaffected

Any version before 5.2.0

unknown

5.2.0 (custom) before 5.2.0.32

affected

5.3.0 (custom) before 5.3.0.33

affected

5.4.1 (custom) before 5.4.1.36

affected

5.5.0 (custom) before 5.5.0.50

affected

5.6.0 (custom) before 5.6.0.58

affected

5.7.0 (custom) before 5.7.0.123

affected

5.8.0 (custom) before 5.8.0.106

affected

5.9.0 (custom) before 5.9.0.157

affected

5.10.0 (custom) before 5.10.0.318

affected

5.11.0 (custom) before 5.11.0.365

affected

6.0.0 (custom) before 6.0.0.209

affected

6.1.0 (custom) before 6.1.0.188

affected

7.0.0 (custom) before 7.0.0.60

affected

Default status

unaffected

Any version before 5.3.0

unknown

5.3.0 (custom) before 5.3.0.38

affected

5.5.0 (custom) before 5.5.0.51

affected

5.6.0 (custom) before 5.6.0.72

affected

5.7.0 (custom) before 5.7.0.122

affected

5.9.0 (custom) before 5.9.0.165

affected

5.10.0 (custom) before 5.10.0.312

affected

Default status

unaffected

Any version before 1.3.0

unknown

1.3.0 (custom) before 1.3.0.114

affected

1.4.0 (custom) before 1.4.0.130

affected

1.5.0 (custom) before 1.5.0.120

affected

References

security.docs.wso2.com/...ty-advisories/2024/WSO2-2024-3573/ vendor-advisory

cve.org (CVE-2024-7096)

nvd.nist.gov (CVE-2024-7096)

Download JSON