CVE-2024-7487
5.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.
Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| WSO2 | WSO2 Identity Server | 7.0.0 < 7.0.0.65 | affected |
| WSO2 | Client Attestation Filter | 7.0.26 < 7.0.26.24 | affected |
| WSO2 | Client Attestation Filter | 7.0.51 <= * | unaffected |
| WSO2 | WSO2 Carbon Identity Client Attestation Met Data Mgt BE | 7.0.78 < 7.0.78.44 | affected |
| WSO2 | WSO2 Carbon Identity Client Attestation Met Data Mgt BE | 7.1.30 <= * | unaffected |
Weaknesses
- CWE-287: CWE-287 Improper Authentication
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.