Description
An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service endpoint. A malicious actor with administrative privileges can upload arbitrary files to a user-controlled location on the server. By leveraging this vulnerability, an attacker can upload a specially crafted payload and achieve remote code execution (RCE), potentially compromising the server and its data.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low
Affected products
- WSO2 / WSO2 Enterprise Integrator6.6.0 – 6.6.0.215
- WSO2 / WSO2 Identity Server0 – 5.10.0
- WSO2 / WSO2 Identity Server5.10.0 – 5.10.0.347
- WSO2 / WSO2 Identity Server5.11.0 – 5.11.0.396
- WSO2 / WSO2 Identity Server6.1.0 – 6.1.0.224
- WSO2 / WSO2 Identity Server6.0.0 – 6.0.0.232
- WSO2 / WSO2 Identity Server as Key Manager0 – 5.10.0
- WSO2 / WSO2 Identity Server as Key Manager5.10.0 – 5.10.0.340
- WSO2 / WSO2 Open Banking IAM2.0.0 – 2.0.0.391