Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WSO2 Carbon Synapse Artifact Uploader BE by WSO2

    CVE-2024-7074 (GCVE-0-2024-7074)

    Vulnerability from nvd – Published: 2025-06-02 16:42 – Updated: 2025-06-02 17:05
    VLAI
    Title
    Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution
    Summary
    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Enterprise Integrator Unknown: 0 , < 6.0.0 (custom)
    Affected: 6.0.0 , < 6.0.0.21 (custom)
    Affected: 6.1.0 , < 6.1.0.38 (custom)
    Affected: 6.1.1 , < 6.1.1.42 (custom)
    Affected: 6.2.0 , < 6.2.0.61 (custom)
    Affected: 6.3.0 , < 6.3.0.69 (custom)
    Affected: 6.4.0 , < 6.4.0.96 (custom)
    Affected: 6.5.0 , < 6.5.0.102 (custom)
    Affected: 6.6.0 , < 6.6.0.198 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.28 (custom)
    Affected: 2.1.0 , < 2.1.0.38 (custom)
    Affected: 2.2.0 , < 2.2.0.57 (custom)
    Affected: 2.5.0 , < 2.5.0.83 (custom)
    Affected: 2.6.0 , < 2.6.0.143 (custom)
    Affected: 3.0.0 , < 3.0.0.162 (custom)
    Affected: 3.1.0 , < 3.1.0.293 (custom)
    Affected: 3.2.0 , < 3.2.0.384 (custom)
    Affected: 3.2.1 , < 3.2.1.16 (custom)
    Affected: 4.0.0 , < 4.0.0.305 (custom)
    Affected: 4.1.0 , < 4.1.0.166 (custom)
    Affected: 4.2.0 , < 4.2.0.100 (custom)
    Affected: 4.3.0 , < 4.3.0.16 (custom)
    Create a notification for this product.
    WSO2 WSO2 Enterprise Service Bus Affected: 4.9.0 , < 4.9.0.10 (custom)
    Affected: 5.0.0 , < 5.0.0.28 (custom)
    Create a notification for this product.
    WSO2 WSO2 Enterprise Mobility Manager Affected: 2.2.0 , < 2.2.0.27 (custom)
    Create a notification for this product.
    WSO2 WSO2 Micro Integrator Unknown: 0 , < 1.0.0 (custom)
    Affected: 1.0.0 , < 1.0.0.49 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 1.3.0 (custom)
    Affected: 1.3.0 , < 1.3.0.132 (custom)
    Affected: 1.4.0 , < 1.4.0.135 (custom)
    Affected: 1.5.0 , < 1.5.0.137 (custom)
    Affected: 2.0.0 , < 2.0.0.342 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Synapse Artifact Uploader BE Affected: 4.4.10 , < 4.4.10.3 (custom)
    Affected: 4.6.1 , < 4.6.1.4 (custom)
    Affected: 4.6.6 , < 4.6.6.9 (custom)
    Affected: 4.6.10 , < 4.6.10.4 (custom)
    Affected: 4.6.16 , < 4.6.16.2 (custom)
    Affected: 4.6.19 , < 4.6.19.10 (custom)
    Affected: 4.6.64 , < 4.6.64.2 (custom)
    Affected: 4.6.67 , < 4.6.67.15 (custom)
    Affected: 4.6.89 , < 4.6.89.12 (custom)
    Affected: 4.6.105 , < 4.6.105.59 (custom)
    Affected: 4.6.150 , < 4.6.150.11 (custom)
    Affected: 4.7.20 , < 4.7.20.5 (custom)
    Affected: 4.7.30 , < 4.7.30.42 (custom)
    Affected: 4.7.35 , < 4.7.35.5 (custom)
    Affected: 4.7.61 , < 4.7.61.56 (custom)
    Affected: 4.7.99 , < 4.7.99.299 (custom)
    Affected: 4.7.131 , < 4.7.131.15 (custom)
    Affected: 4.7.175 , < 4.7.175.18 (custom)
    Affected: 4.7.188 , < 4.7.188.5 (custom)
    Affected: 4.7.204 , < 4.7.204.5 (custom)
    Unaffected: 4.7.216 , ≤ * (custom)
    Create a notification for this product.
    Credits
    Anonymous working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-02T17:04:40.480620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T17:05:49.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Enterprise Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.21",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.38",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.1.42",
                  "status": "affected",
                  "version": "6.1.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.0.61",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.0.69",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.0.96",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.0.102",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.0.198",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.28",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.0.38",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.0.57",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.5.0.83",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.0.143",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0.162",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.293",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.384",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.16",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.305",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.166",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.100",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.16",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "WSO2 Enterprise Service Bus",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.9.0.10",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.0.28",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "WSO2 Enterprise Mobility Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.2.0.27",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Micro Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.0.0.49",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.3.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.0.132",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.0.135",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.5.0.137",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.342",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.mediation:org.wso2.carbon.mediation.artifactuploader",
              "product": "WSO2 Carbon Synapse Artifact Uploader BE",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.4.10.3",
                  "status": "affected",
                  "version": "4.4.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.1.4",
                  "status": "affected",
                  "version": "4.6.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.6.9",
                  "status": "affected",
                  "version": "4.6.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.10.4",
                  "status": "affected",
                  "version": "4.6.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.16.2",
                  "status": "affected",
                  "version": "4.6.16",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.19.10",
                  "status": "affected",
                  "version": "4.6.19",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.64.2",
                  "status": "affected",
                  "version": "4.6.64",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.67.15",
                  "status": "affected",
                  "version": "4.6.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.89.12",
                  "status": "affected",
                  "version": "4.6.89",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.105.59",
                  "status": "affected",
                  "version": "4.6.105",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.150.11",
                  "status": "affected",
                  "version": "4.6.150",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.20.5",
                  "status": "affected",
                  "version": "4.7.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.30.42",
                  "status": "affected",
                  "version": "4.7.30",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.35.5",
                  "status": "affected",
                  "version": "4.7.35",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.61.56",
                  "status": "affected",
                  "version": "4.7.61",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.99.299",
                  "status": "affected",
                  "version": "4.7.99",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.131.15",
                  "status": "affected",
                  "version": "4.7.131",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.175.18",
                  "status": "affected",
                  "version": "4.7.175",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.188.5",
                  "status": "affected",
                  "version": "4.7.188",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.204.5",
                  "status": "affected",
                  "version": "4.7.204",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.7.216",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Anonymous working with Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.\u003cbr\u003e\u003cbr\u003eBy leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.\u003cbr\u003e"
                }
              ],
              "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.\n\nBy leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-02T16:42:19.264Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3566/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Follow the instructions given on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3566/#solution\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3...\u003c/a\u003e \u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3566/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3566",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-7074",
        "datePublished": "2025-06-02T16:42:19.264Z",
        "dateReserved": "2024-07-24T12:15:52.796Z",
        "dateUpdated": "2025-06-02T17:05:49.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-7074 (GCVE-0-2024-7074)

    Vulnerability from cvelistv5 – Published: 2025-06-02 16:42 – Updated: 2025-06-02 17:05
    VLAI
    Title
    Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution
    Summary
    An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server. By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    References
    Impacted products
    Vendor Product Version
    WSO2 WSO2 Enterprise Integrator Unknown: 0 , < 6.0.0 (custom)
    Affected: 6.0.0 , < 6.0.0.21 (custom)
    Affected: 6.1.0 , < 6.1.0.38 (custom)
    Affected: 6.1.1 , < 6.1.1.42 (custom)
    Affected: 6.2.0 , < 6.2.0.61 (custom)
    Affected: 6.3.0 , < 6.3.0.69 (custom)
    Affected: 6.4.0 , < 6.4.0.96 (custom)
    Affected: 6.5.0 , < 6.5.0.102 (custom)
    Affected: 6.6.0 , < 6.6.0.198 (custom)
    Create a notification for this product.
    WSO2 WSO2 API Manager Unknown: 0 , < 2.0.0 (custom)
    Affected: 2.0.0 , < 2.0.0.28 (custom)
    Affected: 2.1.0 , < 2.1.0.38 (custom)
    Affected: 2.2.0 , < 2.2.0.57 (custom)
    Affected: 2.5.0 , < 2.5.0.83 (custom)
    Affected: 2.6.0 , < 2.6.0.143 (custom)
    Affected: 3.0.0 , < 3.0.0.162 (custom)
    Affected: 3.1.0 , < 3.1.0.293 (custom)
    Affected: 3.2.0 , < 3.2.0.384 (custom)
    Affected: 3.2.1 , < 3.2.1.16 (custom)
    Affected: 4.0.0 , < 4.0.0.305 (custom)
    Affected: 4.1.0 , < 4.1.0.166 (custom)
    Affected: 4.2.0 , < 4.2.0.100 (custom)
    Affected: 4.3.0 , < 4.3.0.16 (custom)
    Create a notification for this product.
    WSO2 WSO2 Enterprise Service Bus Affected: 4.9.0 , < 4.9.0.10 (custom)
    Affected: 5.0.0 , < 5.0.0.28 (custom)
    Create a notification for this product.
    WSO2 WSO2 Enterprise Mobility Manager Affected: 2.2.0 , < 2.2.0.27 (custom)
    Create a notification for this product.
    WSO2 WSO2 Micro Integrator Unknown: 0 , < 1.0.0 (custom)
    Affected: 1.0.0 , < 1.0.0.49 (custom)
    Create a notification for this product.
    WSO2 WSO2 Open Banking AM Unknown: 0 , < 1.3.0 (custom)
    Affected: 1.3.0 , < 1.3.0.132 (custom)
    Affected: 1.4.0 , < 1.4.0.135 (custom)
    Affected: 1.5.0 , < 1.5.0.137 (custom)
    Affected: 2.0.0 , < 2.0.0.342 (custom)
    Create a notification for this product.
    WSO2 WSO2 Carbon Synapse Artifact Uploader BE Affected: 4.4.10 , < 4.4.10.3 (custom)
    Affected: 4.6.1 , < 4.6.1.4 (custom)
    Affected: 4.6.6 , < 4.6.6.9 (custom)
    Affected: 4.6.10 , < 4.6.10.4 (custom)
    Affected: 4.6.16 , < 4.6.16.2 (custom)
    Affected: 4.6.19 , < 4.6.19.10 (custom)
    Affected: 4.6.64 , < 4.6.64.2 (custom)
    Affected: 4.6.67 , < 4.6.67.15 (custom)
    Affected: 4.6.89 , < 4.6.89.12 (custom)
    Affected: 4.6.105 , < 4.6.105.59 (custom)
    Affected: 4.6.150 , < 4.6.150.11 (custom)
    Affected: 4.7.20 , < 4.7.20.5 (custom)
    Affected: 4.7.30 , < 4.7.30.42 (custom)
    Affected: 4.7.35 , < 4.7.35.5 (custom)
    Affected: 4.7.61 , < 4.7.61.56 (custom)
    Affected: 4.7.99 , < 4.7.99.299 (custom)
    Affected: 4.7.131 , < 4.7.131.15 (custom)
    Affected: 4.7.175 , < 4.7.175.18 (custom)
    Affected: 4.7.188 , < 4.7.188.5 (custom)
    Affected: 4.7.204 , < 4.7.204.5 (custom)
    Unaffected: 4.7.216 , ≤ * (custom)
    Create a notification for this product.
    Credits
    Anonymous working with Trend Micro Zero Day Initiative
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-7074",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-02T17:04:40.480620Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T17:05:49.920Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Enterprise Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "6.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.0.0.21",
                  "status": "affected",
                  "version": "6.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.0.38",
                  "status": "affected",
                  "version": "6.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.1.1.42",
                  "status": "affected",
                  "version": "6.1.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.2.0.61",
                  "status": "affected",
                  "version": "6.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.3.0.69",
                  "status": "affected",
                  "version": "6.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.4.0.96",
                  "status": "affected",
                  "version": "6.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.5.0.102",
                  "status": "affected",
                  "version": "6.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "6.6.0.198",
                  "status": "affected",
                  "version": "6.6.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 API Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.28",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.1.0.38",
                  "status": "affected",
                  "version": "2.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.2.0.57",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.5.0.83",
                  "status": "affected",
                  "version": "2.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.6.0.143",
                  "status": "affected",
                  "version": "2.6.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.0.0.162",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.1.0.293",
                  "status": "affected",
                  "version": "3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.0.384",
                  "status": "affected",
                  "version": "3.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.2.1.16",
                  "status": "affected",
                  "version": "3.2.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.0.0.305",
                  "status": "affected",
                  "version": "4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.166",
                  "status": "affected",
                  "version": "4.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.100",
                  "status": "affected",
                  "version": "4.2.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.16",
                  "status": "affected",
                  "version": "4.3.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "WSO2 Enterprise Service Bus",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.9.0.10",
                  "status": "affected",
                  "version": "4.9.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "5.0.0.28",
                  "status": "affected",
                  "version": "5.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "WSO2 Enterprise Mobility Manager",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "2.2.0.27",
                  "status": "affected",
                  "version": "2.2.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Micro Integrator",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.0.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.0.0.49",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "WSO2 Open Banking AM",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "1.3.0",
                  "status": "unknown",
                  "version": "0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.3.0.132",
                  "status": "affected",
                  "version": "1.3.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.4.0.135",
                  "status": "affected",
                  "version": "1.4.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "1.5.0.137",
                  "status": "affected",
                  "version": "1.5.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.0.0.342",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "packageName": "org.wso2.carbon.mediation:org.wso2.carbon.mediation.artifactuploader",
              "product": "WSO2 Carbon Synapse Artifact Uploader BE",
              "vendor": "WSO2",
              "versions": [
                {
                  "lessThan": "4.4.10.3",
                  "status": "affected",
                  "version": "4.4.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.1.4",
                  "status": "affected",
                  "version": "4.6.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.6.9",
                  "status": "affected",
                  "version": "4.6.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.10.4",
                  "status": "affected",
                  "version": "4.6.10",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.16.2",
                  "status": "affected",
                  "version": "4.6.16",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.19.10",
                  "status": "affected",
                  "version": "4.6.19",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.64.2",
                  "status": "affected",
                  "version": "4.6.64",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.67.15",
                  "status": "affected",
                  "version": "4.6.67",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.89.12",
                  "status": "affected",
                  "version": "4.6.89",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.105.59",
                  "status": "affected",
                  "version": "4.6.105",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.150.11",
                  "status": "affected",
                  "version": "4.6.150",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.20.5",
                  "status": "affected",
                  "version": "4.7.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.30.42",
                  "status": "affected",
                  "version": "4.7.30",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.35.5",
                  "status": "affected",
                  "version": "4.7.35",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.61.56",
                  "status": "affected",
                  "version": "4.7.61",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.99.299",
                  "status": "affected",
                  "version": "4.7.99",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.131.15",
                  "status": "affected",
                  "version": "4.7.131",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.175.18",
                  "status": "affected",
                  "version": "4.7.175",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.188.5",
                  "status": "affected",
                  "version": "4.7.188",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.204.5",
                  "status": "affected",
                  "version": "4.7.204",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "*",
                  "status": "unaffected",
                  "version": "4.7.216",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Anonymous working with Trend Micro Zero Day Initiative"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.\u003cbr\u003e\u003cbr\u003eBy leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.\u003cbr\u003e"
                }
              ],
              "value": "An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.\n\nBy leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-02T16:42:19.264Z",
            "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
            "shortName": "WSO2"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-3566/"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Follow the instructions given on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3566/#solution\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3...\u003c/a\u003e \u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3... https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3566/#solution"
            }
          ],
          "source": {
            "advisory": "WSO2-2024-3566",
            "discovery": "EXTERNAL"
          },
          "title": "Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Service Leading to Remote Code Execution",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "assignerShortName": "WSO2",
        "cveId": "CVE-2024-7074",
        "datePublished": "2025-06-02T16:42:19.264Z",
        "dateReserved": "2024-07-24T12:15:52.796Z",
        "dateUpdated": "2025-06-02T17:05:49.920Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }