CVE-2024-7097 in Open Banking AM

Summary

by MITRE • 05/30/2025

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.

Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.


Analysis

by VulDB Data Team • 10/06/2025

CVE-2024-7097 is an authorization flaw in multiple WSO2 products, rooted in the SOAP admin service: the service creates user accounts without checking whether self-registration is enabled in the deployment's configuration. The self-registration setting is the control that decides whether outside parties may create accounts at all, so an entry point that ignores it defeats the control regardless of how the rest of the identity management stack is configured.

The weakness is tracked as CWE-862 (Missing Authorization) and maps to ATT&CK technique T1078 (Valid Accounts), since the accounts it yields are legitimate credentials from the platform's point of view. Concretely, the account-creation operation exposed by the SOAP admin service does not consult the self-registration policy before acting, so a caller who can reach the endpoint can create accounts even when self-registration has been turned off. The gap sits in the service layer rather than in a front-end flow, which is why disabling self-registration in the user-facing path does not close it and why the operation can be repeated at will.
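The pattern described above, reduced to a few lines, as an added illustration that is not WSO2's implementation and not part of the VulDB entry: a self-registration policy that is checked in the web UI handler but not in a second, admin-service entry point that reaches the same account-creation code, beside the fixed layout where the check lives in the shared service-layer function. Names such as IdentityConfig, UserStore and the role "Internal/selfsignup" are assumptions made for the example.

```python
"""CWE-862 pattern behind CVE-2024-7097 in miniature. Hypothetical code added
for illustration; it is not WSO2's code and models no real WSO2 API."""
from dataclasses import dataclass, field


class RegistrationDisabled(Exception):
    """Raised when self-registration is attempted while the policy forbids it."""


@dataclass
class IdentityConfig:
    # Assumed shape of the self-registration policy for this example.
    self_registration_enabled: bool = False
    self_signup_roles: tuple = ("Internal/selfsignup",)


@dataclass
class UserStore:
    users: dict = field(default_factory=dict)

    def add_user(self, username: str, roles: tuple) -> None:
        if username in self.users:
            raise ValueError(f"user {username!r} already exists")
        self.users[username] = {"roles": list(roles)}


# --- vulnerable layout: the policy check lives in the UI handler only -------

def ui_self_register_vulnerable(store, cfg, username):
    if not cfg.self_registration_enabled:      # checked here...
        raise RegistrationDisabled()
    store.add_user(username, cfg.self_signup_roles)


def admin_service_self_register_vulnerable(store, cfg, username):
    # ...but not here: a direct call to the admin service bypasses the policy.
    store.add_user(username, cfg.self_signup_roles)


# --- fixed layout: the check moves into the shared service-layer function ---

def self_register(store, cfg, username):
    """Single authorization point: every caller goes through this check."""
    if not cfg.self_registration_enabled:
        raise RegistrationDisabled()
    store.add_user(username, cfg.self_signup_roles)


def ui_self_register_fixed(store, cfg, username):
    self_register(store, cfg, username)


def admin_service_self_register_fixed(store, cfg, username):
    self_register(store, cfg, username)


def demo(enabled: bool = False):
    """Drive both entry points in both layouts with self-registration on or
    off; return the accounts each layout ends up with."""
    cfg = IdentityConfig(self_registration_enabled=enabled)
    results = {}
    for label, ui, svc in (
        ("vulnerable", ui_self_register_vulnerable, admin_service_self_register_vulnerable),
        ("fixed", ui_self_register_fixed, admin_service_self_register_fixed),
    ):
        store = UserStore()
        for entry, name in ((ui, "alice"), (svc, "mallory")):
            try:
                entry(store, cfg, name)
            except RegistrationDisabled:
                pass
        results[label] = sorted(store.users)
    return results


if __name__ == "__main__":
    print(demo(enabled=False))  # vulnerable layout still creates "mallory"
    print(demo(enabled=True))
```

With self-registration disabled, the vulnerable layout still ends up with the account created through the admin-service path, while the fixed layout creates none; with it enabled both layouts behave the same. The design point is that an authorization decision belongs at the one place all entry points share, not in each front-end separately.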

The impact goes beyond a single unauthorized account. Each successful call yields a low-privileged account, so an attacker can accumulate many of them and use them as footholds for reconnaissance or further privilege-escalation attempts against the platform. Because the operation can be repeated without limit, mass account creation can also exhaust resources, filling the user store, loading the database and degrading service for legitimate users, which is the denial-of-service angle of this flaw.

Organizations running affected WSO2 products should apply the official WSO2 security fix, then review the self-registration settings and confirm they are actually enforced by exercising the SOAP path, not only the web UI. SOAP admin services should not be reachable from untrusted networks; restrict them at the reverse proxy or firewall to administrative networks. Alerting should cover unusual account-creation patterns, in particular any account created through the admin service while self-registration is disabled, and bursts of registrations from a single source. Periodic assessment of service endpoints for the same class of flaw, a policy enforced in one entry point but not another, rounds out the response.
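The monitoring recommendation above, as an added worked example that is not part of the VulDB entry or of any WSO2 tooling: a small detector run over constructed access-log lines. It raises one alert whenever a self-registration call succeeds while the policy says self-registration is off (the flaw being exercised), and one alert per source address that exceeds a threshold of successful registrations inside a sliding window (mass creation). The endpoint path /services/UserRegistrationAdminService, the log format and the log lines themselves are assumptions constructed for the example.

```python
"""Detect account-creation calls against a SOAP admin endpoint from an access
log. Added example, not VulDB's or WSO2's code; the endpoint path and the log
lines are assumed/constructed for illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: self-registration is exposed on this SOAP admin path.
WATCHED_PATHS = ("/services/UserRegistrationAdminService",)

# Common-log-style line: ip ident user [ts] "METHOD path proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample: six successful POSTs from one address within 20 s,
# one failed POST, an unrelated GET, and a single POST from a second address.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Oct/2025:10:00:01 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2025:10:00:03 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2025:10:00:05 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
198.51.100.2 - - [06/Oct/2025:10:00:09 +0000] "GET /carbon/admin/login.jsp HTTP/1.1" 200 2048
203.0.113.7 - - [06/Oct/2025:10:00:11 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2025:10:00:12 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 500 301
203.0.113.7 - - [06/Oct/2025:10:00:14 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2025:10:00:20 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
198.51.100.2 - - [06/Oct/2025:10:07:30 +0000] "POST /services/UserRegistrationAdminService HTTP/1.1" 200 512
"""


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # ignore query strings
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": path, "status": int(m["status"])}


def detect_registration_abuse(lines, window=timedelta(minutes=5), threshold=5,
                              self_registration_enabled=False):
    """Return a list of (rule, ip, timestamp) alerts.

    rule "registration_while_disabled": a successful call to the watched path
        while policy says self-registration is off (never legitimate).
    rule "mass_registration": more than `threshold` successful calls from one
        IP inside `window`; reported once per IP.
    """
    alerts = []
    recent = defaultdict(deque)       # ip -> timestamps of recent successes
    burst_reported = set()
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["method"] != "POST" or ev["path"] not in WATCHED_PATHS:
            continue
        if ev["status"] != 200:       # only successful creations count
            continue
        if not self_registration_enabled:
            alerts.append(("registration_while_disabled", ev["ip"], ev["ts"]))
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # slide the window forward
            q.popleft()
        if len(q) > threshold and ev["ip"] not in burst_reported:
            alerts.append(("mass_registration", ev["ip"], ev["ts"]))
            burst_reported.add(ev["ip"])
    return alerts


def run_sample(self_registration_enabled=False):
    """Run the detector over the constructed sample log."""
    return detect_registration_abuse(SAMPLE_LOG.splitlines(),
                                     self_registration_enabled=self_registration_enabled)


if __name__ == "__main__":
    for rule, ip, ts in run_sample(self_registration_enabled=False):
        print(f"{ts.isoformat()} {rule} {ip}")
```

With self-registration disabled every successful call is an alert on its own, and 203.0.113.7 additionally trips the burst rule on its sixth success; with it enabled only the burst alert remains. In practice the status filter should match whatever a successful SOAP response looks like in the deployment's logs, and the threshold should be set from a baseline of legitimate sign-up volume.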

Responsible

WSO2

Reservation

07/25/2024

Disclosure

05/30/2025

Moderation

accepted

CPE

ready

EPSS

0.00540

KEV

no

Activities

very low

Sector

Finance
