CVE-2024-3511
Published: 2025-06-23
Priority: P4 · 22
Severity: medium (CVSS 3.1 base score 4.3)
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.17% (percentile 7.1)
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.
Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.
Affected (43 ranges, 25 shown)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wso2 | api_manager | — | — |
| wso2 | enterprise_integrator | — | — |
| wso2 | identity_server | — | — |
| wso2 | identity_server_as_key_manager | — | — |
| wso2 | open_banking_am | — | — |
| wso2 | open_banking_iam | — | — |
| wso2 | wso2_api_manager | >= 3.1.0 < 3.1.0.273 | 3.1.0.273 |
| wso2 | wso2_api_manager | >= 3.2.0 < 3.2.0.361 | 3.2.0.361 |
| wso2 | wso2_api_manager | >= 3.2.1 < 3.2.1.13 | 3.2.1.13 |
| wso2 | wso2_api_manager | >= 4.0.0 < 4.0.0.306 | 4.0.0.306 |
| wso2 | wso2_api_manager | >= 4.1.0 < 4.1.0.163 | 4.1.0.163 |
| wso2 | wso2_api_manager | >= 4.2.0 < 4.2.0.98 | 4.2.0.98 |
| wso2 | wso2_api_manager | >= 4.3.0 < 4.3.0.17 | 4.3.0.17 |
| wso2 | wso2_carbon_user_manager_kernel | >= 4.10.9 < 4.10.9.8 | 4.10.9.8 |
| wso2 | wso2_carbon_user_manager_kernel | >= 4.5.0 < 4.5.0.5 | 4.5.0.5 |
| wso2 | wso2_carbon_user_manager_kernel | >= 4.5.3 < 4.5.3.35 | 4.5.3.35 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.