CVE-2024-7073

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-7073
A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3562 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wso2:identity_server:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.4.1:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.8.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:6.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.7.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.9.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_km:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_km:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:open_banking_km:1.5.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-06-02 17:15

Updated : 2025-10-06 13:46

NVD link : CVE-2024-7073

Mitre link : CVE-2024-7073

CVE.ORG link : CVE-2024-7073

JSON object : View

Products Affected

wso2

  • open_banking_km
  • identity_server_as_key_manager
  • open_banking_iam
  • identity_server
CWE
CWE-918

Server-Side Request Forgery (SSRF)