CVE-2024-7487 | THREATINT

Description

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

PUBLISHED Reserved 2024-08-05 | Published 2025-05-22 | Updated 2025-05-22 | Assigner WSO2

MEDIUM: 5.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-287 Improper Authentication

Product status

Default status

unaffected

7.0.0 (custom) before 7.0.0.65

affected

Default status

unknown

7.0.26 (custom) before 7.0.26.24

affected

7.0.51 (custom)

unaffected

Default status

unknown

7.0.78 (custom) before 7.0.78.44

affected

7.1.30 (custom)

unaffected

References

security.docs.wso2.com/...ty-advisories/2024/WSO2-2024-3348/ vendor-advisory

cve.org (CVE-2024-7487)

nvd.nist.gov (CVE-2024-7487)

Download JSON