WSO2 security advisory-CVE-2022-29464

April 26, 2022

NAME

WSO2Multiple

  • Platforms Affected:
    Multiple

  • Risk Level:
    high

  • CVE Type:
    Unrestricted file upload

DESCRIPTION

CVE-2022-29464 is an unrestricted file upload vulnerability impacting multiple versions of WSO2 API Manager, WSO2 Identity Server, WSO2 Identity Server Analytics, WSO2 Identity Server as Key Manager, and WSO2 Enterprise Integrator. An exploit was observed in open source and a link to an exploit was shared in the underground. Additionally, security researchers claimed threat actors were actively scanning endpoints vulnerable to CVE-2022-29464 and there were attempts to exploit this vulnerability in the wild.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE: 9.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://github[.]com/hakivvi/CVE-2022-29464

MITIGATION

WSO2 addressed the vulnerability in a security advisory with updated versions.

  • Reference Link:
    https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[RANSOMHUB] – Ransomware Victim: blr[.]com

November 22, 2024
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024
image

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024
image

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024
image

[QILIN] – Ransomware Victim: Zimmerman & Frachtman PA Law Firm

November 22, 2024