CVE-2023-6835

Summary

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 API Manager0 < 2.2.0.0unknown
WSO2WSO2 API Manager2.2.0.0 < 2.2.0.16affected
WSO2WSO2 API Manager2.5.0.0 < 2.5.0.17affected
WSO2WSO2 API Manager2.6.0.0 < 2.6.0.24affected
WSO2WSO2 IoT Server0 < 3.3.1.0unknown
WSO2WSO2 IoT Server3.3.1.0 < 3.3.1.17affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References