
WSO2 — Vulnerabilities & Security Advisories 60

Browse all 60 CVE security advisories affecting WSO2. AI-powered Chinese analysis, POCs, and references for each vulnerability.

WSO2 provides an open-source platform for API management, identity and access management, and enterprise integration. Its middleware architecture, which facilitates complex digital transformations, has historically been a target for attackers due to its broad attack surface. The 57 recorded Common Vulnerabilities and Exposures (CVEs) predominantly involve remote code execution, cross-site scripting, and authentication bypass flaws. These issues often stem from improper input validation and insecure default configurations within its API gateway and identity server components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities indicates systemic weaknesses in code review processes for legacy modules. Security practitioners must prioritize patching these known exploits, particularly those affecting exposed management consoles, to prevent unauthorized access and data exfiltration in enterprise environments relying on this integration suite.

Found 8 results / 60

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-10713 | XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration | WSO2 Enterprise Integrator | CWE-611 | 6.5 | Medium | 2025-11-05 |
| CVE-2025-9955 | Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration | WSO2 Enterprise Integrator | | 5.7 | Medium | 2025-10-16 |
| CVE-2025-1862 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution | WSO2 Enterprise Integrator | CWE-434 | 6.7 | Medium | 2025-09-26 |
| CVE-2024-3511 | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | WSO2 Enterprise Integrator | CWE-863 | 4.3 | Medium | 2025-06-23 |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation | WSO2 Enterprise Integrator | CWE-79 | 5.2 | Medium | 2025-06-02 |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor | WSO2 Enterprise Integrator | CWE-79 | 4.3 | Medium | 2025-06-02 |
| CVE-2024-7074 | Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution | WSO2 Enterprise Integrator | CWE-434 | 6.8 | Medium | 2025-06-02 |
| CVE-2024-0392 | Cross-Site Request Forgery (CSRF) in WSO2 Enterprise Integrator 6.6.0 Management Console Due to Missing CSRF Token Validation | WSO2 Enterprise Integrator | CWE-352 | 5.4 | Medium | 2025-02-27 |

This page lists every published CVE security advisory associated with WSO2. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.