We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-7487

Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication



Description

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

Reserved 2024-08-05 | Published 2025-05-22 | Updated 2025-05-22 | Assigner WSO2


MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-287 Improper Authentication

Product status

Default status
unaffected

7.0.0 before 7.0.0.65
affected

Default status
unknown

7.0.26 before 7.0.26.24
affected

7.0.51
unaffected

Default status
unknown

7.0.78 before 7.0.78.44
affected

7.1.30
unaffected

References

security.docs.wso2.com/...ty-advisories/2024/WSO2-2024-3348/ vendor-advisory

cve.org (CVE-2024-7487)

nvd.nist.gov (CVE-2024-7487)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2024-7487

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.