目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

WSO2 API Manager 产品漏洞列表 / CVE 中文分析 27

WSO2 API Manager 产品相关 27 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

本页面汇集了WSO2 API Manager软件产品的安全漏洞信息,涵盖远程代码执行、跨站脚本及授权绕过等常见弱点。收录范围包括该组件的历史高危漏洞及官方发布的安全公告,时间跨度覆盖从早期版本至最新维护版本期间发现的各类缺陷。通过查阅本页数据,您可以快速追踪WSO2公司的安全更新动态,深入分析特定版本存在的已知风险,并检索特定功能模块的历史漏洞记录,从而为系统升级与防护策略制定提供可靠依据。

ベンダー: WSO2

CVE IDタイトルCVSS深刻度公開日
CVE-2024-1248 Role Overwriting via Silent JIT Provisioning in Multiple WSO2 Products Enables Privilege Escalation CWE-298 4.8 Medium2026-07-04
CVE-2026-2053 Unauthenticated Server-Side Request Forgery via WS-Addressing in WSO2 API Manager CWE-918 8.3 High2026-06-26
CVE-2025-8154 HTTP Header Injection via Webhook API in Multiple WSO2 Products Allows Response Header Manipulation CWE-74 5.3 Medium2026-05-11
CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites CWE-79 6.1 Medium2026-04-16
CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection CWE-79 6.1 Medium2026-04-16
CVE-2024-8010 XML External Entity Injection via Publisher in WSO2 API Manager Allows Reading Arbitrary Files CWE-611 3.5 Low2026-04-16
CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval CWE-79 5.4 Medium2026-04-16
CVE-2024-2374 XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service CWE-611 7.5 High2026-04-16
CVE-2024-1524 A local user can be impersonated when using federated authentication with Silent JIT Provisioning. CWE-290 7.7 High2026-02-24
CVE-2025-13590 Authenticated arbitrary file upload via a System REST API requiring administrator permission. 9.1 Critical2026-02-19
CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products CWE-306 9.8 Critical2025-11-18
CVE-2025-10907 Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution CWE-434 8.4 High2025-11-05
CVE-2025-9152 Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint 9.8 Critical2025-10-16
CVE-2025-10611 Potential Broken Access Control in Multiple WSO2 Products via System REST APIs 9.8 Critical2025-10-16
CVE-2025-5717 Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service CWE-94 6.8 Medium2025-09-23
CVE-2025-4760 Authenticated Stored Cross-Site Scripting (XSS) in Multiple WSO2 Products via API Document Upload in Publisher CWE-79 4.8 Medium2025-09-23
CVE-2024-4598 Information Disclosure in Multiple WSO2 Products Due to Improper Handling in Enrich Mediator 6.5 Medium2025-09-23
CVE-2024-5962 Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding CWE-79 6.1 Medium2025-05-22
CVE-2024-6914 Incorrect Authorization in Multiple WSO2 Products via Account Recovery SOAP Admin Service Leading to Account Takeover CWE-863 8.8 High2025-05-22
CVE-2025-2905 An XML External Entity (XXE) vulnerability in Multiple WSO2 Products CWE-611 9.1 Critical2025-05-05
CVE-2024-5848 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation CWE-79 6.1 Medium2025-02-27
CVE-2024-2321 Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token CWE-863 5.6 Medium2025-02-27
CVE-2023-6911 部分WSO2产品 跨站脚本漏洞 CWE-79 4.8 Medium2023-12-18
CVE-2023-6839 WSO2 API Manager 安全漏洞 CWE-209 5.3 Medium2023-12-15
CVE-2023-6838 WSO2 API Manager 跨站脚本漏洞 CWE-79 6.1 Medium2023-12-15
CVE-2023-6837 Incorrect Authorization in Multiple WSO2 Products via Federated Authentication with JIT Provisioning Leading to User Impersonation CWE-863 8.5 High2023-12-15
CVE-2023-6835 WSO2 API Manager 安全漏洞 CWE-20 4.3 Medium2023-12-15

WSO2 API Manager 产品累计公开 27 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。