CVE-2024-1524
published 2026-02-24CVE-2024-1524: When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's…
PriorityP349high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
EPSS
0.26%
17.4th percentile
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users.
There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.
The Deployment should have:
-An IDP configured for federated authentication with Silent JIT provisioning enabled.
The malicious actor should have:
-A fresh valid user account in the federated IDP that has not been used earlier.
-Knowledge of the username of a valid user in the local IDP.
-An account at the federated IDP matching the targeted local username.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | >= 4.2.0 < 4.2.0.108 | 4.2.0.108 |
| wso2 | identity_server | >= 6.0.0 < 6.0.0.171 | 6.0.0.171 |
| wso2 | identity_server | >= 6.1.0 < 6.1.0.128 | 6.1.0.128 |
| wso2 | wso2_api_manager | >= 4.2.0 < 4.2.0.108 | 4.2.0.108 |
| wso2 | wso2_identity_server | >= 6.0.0 < 6.0.0.171 | 6.0.0.171 |
| wso2 | wso2_identity_server | >= 6.1.0 < 6.1.0.128 | 6.1.0.128 |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p4xj-mrqw-g3f3: When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's
ghsa_unreviewed·2026-02-24
CVE-2024-1524 [HIGH] CWE-290 GHSA-p4xj-mrqw-g3f3: When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users.
There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.
The Deployment should have:
-An IDP configured for federated authentication with Silent JIT provisioning enabled.
The malicious actor should have:
-A fresh valid user account in the federated IDP that has not been used earlier.
-
Red Hat
kernel: scsi: fnic: Move flush_work initialization out of if block
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2024-50025 [MEDIUM] CWE-665 kernel: scsi: fnic: Move flush_work initialization out of if block
kernel: scsi: fnic: Move flush_work initialization out of if block
In the Linux kernel, the following vulnerability has been resolved:
scsi: fnic: Move flush_work initialization out of if block
After commit 379a58caa199 ("scsi: fnic: Move fnic_fnic_flush_tx() to a
work queue"), it can happen that a work item is sent to an uninitialized
work queue. This may has the effect that the item being queued is never
actually queued, and any further actions depending on it will not
proceed.
The following warning is observed while the fnic driver is loaded:
kernel: WARNING: CPU: 11 PID: 0 at ../kernel/workqueue.c:1524 __queue_work+0x373/0x410
kernel:
kernel: queue_work_on+0x3a/0x50
kernel: fnic_wq_copy_cmpl_handler+0x54a/0x730 [fnic 62fbff0c42e7fb825c60a55cde2fb91facb2ed24]
kernel: fnic_isr_msix_wq_c
No detection rules found.
No public exploits indexed.
Wiz
CVE-2025-12107 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2025-12107 [HIGH] CVE-2025-12107 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-12107 :
WSO2 Identity Server vulnerability analysis and mitigation
Due to the use of a vulnerable third-party Velocity template engine, a malicious actor with admin privilege may inject and execute arbitrary template syntax within server-side templates.
Successful exploitation of this vulnerability could allow a malicious actor with admin privilege to inject and execute arbitrary template code on the server, potentially leading to remote code execution, data manipulation, or unauthorized access to sensitive information.
Source : NVD
## 7.2
Score
Published February 19, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
WSO2 Identity Server
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability
Wiz
CVE-2024-1524 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.7
CVE-2024-1524 [HIGH] CVE-2024-1524 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2024-1524 :
WSO2 API Manager vulnerability analysis and mitigation
When the "Silent Just-In-Time Provisioning" feature is enabled for a federated identity provider (IDP) there is a risk that a local user store user's information may be replaced during the account provisioning process in cases where federated users share the same username as local users.
There will be no impact on your deployment if any of the preconditions mentioned below are not met. Only when all the preconditions mentioned below are fulfilled could a malicious actor associate a targeted local user account with a federated IDP user account that they control.
The Deployment should have:
-An IDP configured for federated authentication with Silent JIT provisioning enabled.
The malicious actor should have:
-A fre
2026-02-24
Published