CVE-2024-3511
published 2025-06-23


Priority: P4 · 22
CVSS 3.1: 4.3 (medium) · Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.17% (7.1 percentile)
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

Two points a practitioner should weigh against the page's own data: the description requires an actor who already has access to the management console, whereas the recorded CVSS vector scores privileges required as none (PR:N) and the attack vector as adjacent network (AV:A), so triage on the description rather than the headline score. Also, every fix listed below is a four-component version (a WSO2 update level on a base release, e.g. 4.2.0.98), so the base release number alone does not tell you whether the fix is installed.

Affected

43 ranges are recorded for this CVE; the page shows 25 of them.

Vendor  Product                          Version range            Fixed in
wso2    wso2_api_manager                 >= 3.1.0  < 3.1.0.273    3.1.0.273
wso2    wso2_api_manager                 >= 3.2.0  < 3.2.0.361    3.2.0.361
wso2    wso2_api_manager                 >= 3.2.1  < 3.2.1.13     3.2.1.13
wso2    wso2_api_manager                 >= 4.0.0  < 4.0.0.306    4.0.0.306
wso2    wso2_api_manager                 >= 4.1.0  < 4.1.0.163    4.1.0.163
wso2    wso2_api_manager                 >= 4.2.0  < 4.2.0.98     4.2.0.98
wso2    wso2_api_manager                 >= 4.3.0  < 4.3.0.17     4.3.0.17
wso2    wso2_carbon_user_manager_kernel  >= 4.10.9 < 4.10.9.8     4.10.9.8
wso2    wso2_carbon_user_manager_kernel  >= 4.5.0  < 4.5.0.5      4.5.0.5
wso2    wso2_carbon_user_manager_kernel  >= 4.5.3  < 4.5.3.35     4.5.3.35

Entries listed with a vendor and product but no version range or fixed version:
wso2    api_manager (6 entries)
wso2    enterprise_integrator
wso2    identity_server (5 entries)
wso2    identity_server_as_key_manager
wso2    open_banking_am
wso2    open_banking_iam
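Because the fixes ship as update levels, the practical question is whether an installed build falls inside one of the ranges above. The following checker is an added example, not code from the page's data source or from WSO2. It transcribes the ten version ranges shown on the page and assumes WSO2 version strings compare as dotted integer tuples in which a missing fourth component (the update level) means the base release, so "4.2.0" sorts below "4.2.0.1". Anything the table does not cover is reported as unknown, never as safe, since 18 of the 43 ranges are not on the page.

```python
"""Version-range check for CVE-2024-3511.

Added example; the ranges are transcribed from the "Affected" table on the
page, and the version-comparison rule below is an assumption about WSO2's
numbering (base release + update level as the fourth component).
"""
from typing import NamedTuple, Optional, Tuple


class AffectedRange(NamedTuple):
    product: str
    low: str    # inclusive lower bound (the base release)
    fixed: str  # exclusive upper bound: first update level carrying the fix


# Transcribed from the page's table (vendor is wso2 throughout).
AFFECTED_RANGES = [
    AffectedRange("wso2_api_manager", "3.1.0", "3.1.0.273"),
    AffectedRange("wso2_api_manager", "3.2.0", "3.2.0.361"),
    AffectedRange("wso2_api_manager", "3.2.1", "3.2.1.13"),
    AffectedRange("wso2_api_manager", "4.0.0", "4.0.0.306"),
    AffectedRange("wso2_api_manager", "4.1.0", "4.1.0.163"),
    AffectedRange("wso2_api_manager", "4.2.0", "4.2.0.98"),
    AffectedRange("wso2_api_manager", "4.3.0", "4.3.0.17"),
    AffectedRange("wso2_carbon_user_manager_kernel", "4.10.9", "4.10.9.8"),
    AffectedRange("wso2_carbon_user_manager_kernel", "4.5.0", "4.5.0.5"),
    AffectedRange("wso2_carbon_user_manager_kernel", "4.5.3", "4.5.3.35"),
]


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.2.0.98' into (4, 2, 0, 98).

    Assumption: components are plain integers and a missing fourth component
    is the base release, so '4.2.0' becomes (4, 2, 0, 0) and sorts below
    '4.2.0.1'.  Non-numeric input is rejected rather than guessed at.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 4:
        nums.append(0)
    return tuple(nums)


def matching_range(product: str, version: str) -> Optional[AffectedRange]:
    """Return the table row whose half-open range covers the version, or None."""
    v = parse_version(version)
    for r in AFFECTED_RANGES:
        if r.product == product and parse_version(r.low) <= v < parse_version(r.fixed):
            return r
    return None


def assess(product: str, version: str) -> str:
    """Classify a build as 'affected', 'fixed' or 'unknown'.

    'fixed' is only claimed when the build is on a base release the table
    lists and its update level is at or above the listed fix; any other
    product or base release is 'unknown' because the page shows 25 of 43
    ranges, so absence from the table is not evidence of safety.
    """
    if matching_range(product, version) is not None:
        return "affected"
    v = parse_version(version)
    for r in AFFECTED_RANGES:
        same_base = v[:3] == parse_version(r.low)[:3]
        if r.product == product and same_base and v >= parse_version(r.fixed):
            return "fixed"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for product, version in [
        ("wso2_api_manager", "4.2.0"),
        ("wso2_api_manager", "4.2.0.98"),
        ("wso2_api_manager", "4.4.0"),
        ("wso2_carbon_user_manager_kernel", "4.5.3.34"),
    ]:
        print(f"{product} {version}: {assess(product, version)}")
```

Feed it the product key and the version string as reported by the deployment (the update level is the part that matters); treat an "unknown" result as a prompt to consult the full range list rather than as a pass.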