CVE-2024-7074 in API Manager정보

요약

\~에 의해 MITRE • 2025. 06. 02.

An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.

By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

예약하다

2024. 07. 24.

공개

2025. 06. 02.

모더레이션

수락

항목

VDB-289814

CPE

준비됨

CWE

CWE-434 (확인됨)

CVSS

6.8 (CNA)

EPSS

0.03465

KEV

아니요

활동

매우 낮음

부문

Government, Agriculture, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2024-7074
NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-7074
CVE Details	https://www.cvedetails.com/cve/CVE-2024-7074/

◂ 이전 개요 다음 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!