Wso2 Vulnérabilités

Chronologie

Taper

Automation Software	38
Not Defined	22
Forum Software	3
Programming Language Software	1

Produit

WSO2 API Manager	37
WSO2 IS as Key Manager	22
WSO2 Identity Server	22
WSO2 Enterprise Integrator	17
WSO2 API Microgateway	11

Contre-mesures

Official Fix	17
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	47

Exploitabilité

High	1
Functional	0
Proof-of-Concept	7
Unproven	0
Not Defined	56

Vecteur d'accès

Not Defined	0
Physical	0
Local	0
Adjacent	2
Network	62

Authentification

Not Defined	0
High	18
Low	22
None	24

Interaction de l'utilisateur

Not Defined	0
Required	46
None	18

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	9
≤5	22
≤6	20
≤7	4
≤8	5
≤9	3
≤10	1

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	9
≤5	23
≤6	20
≤7	3
≤8	5
≤9	3
≤10	1

VulDB

≤1	0
≤2	0
≤3	8
≤4	17
≤5	20
≤6	6
≤7	6
≤8	5
≤9	1
≤10	1

NVD

≤1	0
≤2	0
≤3	0
≤4	6
≤5	9
≤6	11
≤7	20
≤8	2
≤9	5
≤10	3

CNA

≤1	0
≤2	0
≤3	0
≤4	8
≤5	7
≤6	1
≤7	4
≤8	0
≤9	1
≤10	1

Fournisseur

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploiter 0 jour

<1k	23
<2k	31
<5k	10
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Exploiter aujourd'hui

<1k	63
<2k	0
<5k	1
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Exploiter le volume du marché

🔴 CTI Activités

Affected Products (26): API Manager (37), API Manager Analytics (10), API Microgateway (11), API manager (1), Business Process Server (1), Business Rules Server (1), Carbon (3), Complex Event Processor (1), Dashboard Server (3), Data Analytics Server (8), Data Services Server (1), Enterprise Integrator (17), IS as Key Manager (22), IS as a Key Manager (1), Identity Server (22), Identity Server Analytics (10), Identity Server as Key Manager (1), IoT Server (5), Machine Learner (1), Management Console (1), Message Broker (1), Micro Integrator (1), SOA Enablement Server for Java (1), WSO2 Micro Integrator (1), carbon-registry (2), transport-http (1)

Publié	Base	Temp	Vulnérabilité	Prod	Exp	Con	EPSS	CTI	CVE
18/12/2023	3.6	3.5	WSO2 API Manager Management Console cross site scripting	Automation Software	Not Defined	Official Fix	0.00045	0.00	CVE-2023-6911
15/12/2023	5.3	5.2	WSO2 API Manager REST API divulgation de l'information	Automation Software	Not Defined	Official Fix	0.00046	0.02	CVE-2023-6839
15/12/2023	5.2	5.1	WSO2 API Manager/Identity Server/IS as Key Manager Authentication Endpoint cross site scripting	Automation Software	Not Defined	Official Fix	0.00046	0.04	CVE-2023-6838
15/12/2023	4.6	4.6	WSO2 API Manager/IoT Server Forum API Rating elévation de privilèges	Automation Software	Not Defined	Official Fix	0.00046	0.00	CVE-2023-6835
15/12/2023	8.0	7.9	WSO2 API Manager/Identity Server/IS as Key Manager JIT Provisioning authentification faible	Automation Software	Not Defined	Official Fix	0.00050	0.00	CVE-2023-6837
15/12/2023	5.9	5.8	WSO2 API Manager XML External Entity	Automation Software	Not Defined	Official Fix	0.00087	0.00	CVE-2023-6836
23/05/2023	4.8	4.7	WSO2 API Manager login.do cross site scripting	Automation Software	Not Defined	Official Fix	0.00062	0.03	CVE-2023-31664
15/12/2022	4.4	4.3	WSO2 carbon-registry Request Parameter cross site scripting	Inconnue	Not Defined	Official Fix	0.00080	0.29	CVE-2022-4521
15/12/2022	4.4	4.3	WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting	Inconnue	Not Defined	Official Fix	0.00083	0.13	CVE-2022-4520
10/09/2022	4.8	4.8	WSO2 Enterprise Integrator Management Console ajaxprocessor.jsp cross site scripting	Inconnue	Not Defined	Not Defined	0.00072	0.00	CVE-2022-39809

54 plus d'entrées ne sont pas affichées

🔒 Login Required

You need to signup and login to see more of the remaining 54 results.

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!