CVE-2024-7097

High PUBLISHED

Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup

WSO2 · WSO2 Open Banking AM, WSO2 Open Banking KM, WSO2 Identity Server as Key Manager, WSO2 API Manager, WSO2 Identity Server, WSO2 Open Banking IAM, WSO2 Enterprise Mobility Manager

Not yet in CISA KEV

Exploited in the wild · PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence: High
Exploitation Status: Exploited in the wild
Observed in Sensors: No
CISA KEV: Not yet in CISA KEV
CVSS / EPSS: 4.3 Medium / EPSS 25.1%

At a Glance

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. Because the check is missing, an actor can create new user accounts without proper authorization. Exploitation could allow an attacker to create multiple low-privileged user accounts and thereby gain unauthorized access to the system. Continuous exploitation could additionally exhaust system resources through mass user creation.

Enrichment artifact: nuclei_scanner
CVE Published: May 30, 2025
Exploitation Reported: May 30, 2025
CVSS: 4.3 Medium
EPSS: 25.1%
Low complexity · No user interaction · Unauthenticated

Affected Versions

42 version rows in total (page 1 of 2 shown below)

Vendor  Product                              Version                  Status
WSO2    WSO2 Open Banking AM                 1.3.0 to < 1.3.0.131     Affected
WSO2    WSO2 Open Banking AM                 1.4.0 to < 1.4.0.134     Affected
WSO2    WSO2 Open Banking AM                 1.5.0 to < 1.5.0.136     Affected
WSO2    WSO2 Open Banking AM                 2.0.0 to < 2.0.0.343     Affected
WSO2    WSO2 Open Banking KM                 1.3.0 to < 1.3.0.114     Affected
WSO2    WSO2 Open Banking KM                 1.4.0 to < 1.4.0.130     Affected
WSO2    WSO2 Open Banking KM                 1.5.0 to < 1.5.0.120     Affected
WSO2    WSO2 Identity Server as Key Manager  5.3.0 to < 5.3.0.38      Affected
WSO2    WSO2 Identity Server as Key Manager  5.5.0 to < 5.5.0.51      Affected
WSO2    WSO2 Identity Server as Key Manager  5.6.0 to < 5.6.0.72      Affected
WSO2    WSO2 Identity Server as Key Manager  5.7.0 to < 5.7.0.122     Affected
WSO2    WSO2 Identity Server as Key Manager  5.9.0 to < 5.9.0.165     Affected
WSO2    WSO2 Identity Server as Key Manager  5.10.0 to < 5.10.0.312   Affected
WSO2    WSO2 API Manager                     2.0.0 to < 2.0.0.29      Affected
WSO2    WSO2 API Manager                     2.1.0 to < 2.1.0.39      Affected
WSO2    WSO2 API Manager                     2.2.0 to < 2.2.0.56      Affected
WSO2    WSO2 API Manager                     2.5.0 to < 2.5.0.83      Affected
WSO2    WSO2 API Manager                     2.6.0 to < 2.6.0.142     Affected
WSO2    WSO2 API Manager                     3.0.0 to < 3.0.0.162     Affected
WSO2    WSO2 API Manager                     3.1.0 to < 3.1.0.294     Affected
WSO2    WSO2 API Manager                     3.2.0 to < 3.2.0.384     Affected
WSO2    WSO2 API Manager                     3.2.1 to < 3.2.1.16      Affected
WSO2    WSO2 API Manager                     4.0.0 to < 4.0.0.305     Affected
WSO2    WSO2 API Manager                     4.1.0 to < 4.1.0.166     Affected
WSO2    WSO2 API Manager                     4.2.0 to < 4.2.0.101     Affected

Recommended Actions

  • Check the enrichment artifacts for scanner coverage and available PoCs before rolling out remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.