WSO2

A critical security vulnerability (CVE-2024-6914) in WSO2 products allows attackers to reset passwords for any user account, potentially leading to complete system compromise. The flaw stems from an incorrect authorization issue in the account recovery SOAP admin service, enabling unauthorized access to user accounts, including those with administrative privileges. This vulnerability affects multiple WSO2 products, posing significant security risks to the entire infrastructure.

Source: https://cybersecuritynews.com/critical-wso2-soap-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/wso2

{
  "id": "wso137052625",
  "linkid": "wso2",
  "type": "Vulnerability",
  "date": "5/2025",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'WSO2',
                        'type': 'Software Vendor'}],
 'attack_vector': 'Network',
 'data_breach': {'type_of_data_compromised': 'User Accounts'},
 'date_publicly_disclosed': '2025-05-22',
 'description': 'A critical security vulnerability in multiple WSO2 products '
                'has been discovered that allows attackers to reset passwords '
                'for any user account, potentially leading to complete system '
                'compromise.',
 'impact': {'data_compromised': 'User Accounts, including Administrative '
                                'Privileges',
            'identity_theft_risk': 'High',
            'operational_impact': 'Potential Complete System Compromise',
            'systems_affected': ['WSO2 API Manager versions 2.2.0 to 4.3.0',
                                 'WSO2 Identity Server versions 5.3.0 to 7.0.0',
                                 'WSO2 Identity Server as Key Manager versions '
                                 '5.3.0 to 5.10.0',
                                 'WSO2 Open Banking AM/IAM/KM versions 1.3.0 '
                                 'to 2.0.0']},
 'initial_access_broker': {'entry_point': '/services SOAP admin endpoints',
                           'high_value_targets': 'Administrative Accounts'},
 'motivation': 'Unauthorized Access to User Accounts',
 'post_incident_analysis': {'corrective_actions': 'Apply security patches, '
                                                  'restrict access to SOAP '
                                                  'admin services, implement '
                                                  'additional authentication '
                                                  'layers',
                            'root_causes': 'Incorrect authorization flaw in '
                                           'the account recovery SOAP admin '
                                           'service'},
 'recommendations': 'Follow WSO2’s Security Guidelines for Production '
                    'Deployment, restrict access to SOAP admin services from '
                    'untrusted networks, apply security patches',
 'references': [{'source': 'Official Security Advisory'}],
 'response': {'containment_measures': 'Disable public exposure of the '
                                      '/services context path, implement '
                                      'network-level access controls, monitor '
                                      'for unauthorized password reset '
                                      'attempts',
              'network_segmentation': 'Implement network segmentation per '
                                      'WSO2’s Security Guidelines for '
                                      'Production Deployment',
              'remediation_measures': 'Apply security patches, review and '
                                      'tighten authorization mechanisms, '
                                      'implement additional authentication '
                                      'layers for administrative functions'},
 'title': 'Critical WSO2 SOAP Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2024-6914'}