CVE-2024-7487

Summary

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.

Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

Affected Software

VendorProductVersion RangeStatus
WSO2WSO2 Identity Server7.0.0 < 7.0.0.65affected
WSO2Client Attestation Filter7.0.26 < 7.0.26.24affected
WSO2Client Attestation Filter7.0.51 <= *unaffected
WSO2WSO2 Carbon Identity Client Attestation Met Data Mgt BE7.0.78 < 7.0.78.44affected
WSO2WSO2 Carbon Identity Client Attestation Met Data Mgt BE7.1.30 <= *unaffected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References