Wso2 Luki w zabezpieczeniach

Oś czasu

Rodzaj

Automation Software	38
Not Defined	22
Forum Software	3
Programming Language Software	1

Produkt

WSO2 API Manager	37
WSO2 IS as Key Manager	22
WSO2 Identity Server	22
WSO2 Enterprise Integrator	17
WSO2 API Microgateway	11

Przeciwdziałanie

Official Fix	17
Temporary Fix	0
Workaround	0
Unavailable	0
Not Defined	47

Wykorzystywanie

High	0
Functional	0
Proof-of-Concept	7
Unproven	0
Not Defined	57

Wektor dostępu

Not Defined	0
Physical	0
Local	0
Adjacent	2
Network	62

Uwierzytelnianie

Not Defined	0
High	18
Low	22
None	24

Interakcja z użytkownikiem

Not Defined	0
Required	46
None	18

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	0
≤4	9
≤5	22
≤6	20
≤7	4
≤8	5
≤9	3
≤10	1

CVSSv3 Temp

≤1	0
≤2	0
≤3	0
≤4	9
≤5	23
≤6	20
≤7	3
≤8	5
≤9	3
≤10	1

VulDB

≤1	0
≤2	0
≤3	8
≤4	17
≤5	20
≤6	6
≤7	6
≤8	5
≤9	1
≤10	1

NVD

≤1	0
≤2	0
≤3	0
≤4	6
≤5	9
≤6	11
≤7	20
≤8	2
≤9	5
≤10	3

CNA

≤1	0
≤2	0
≤3	0
≤4	8
≤5	7
≤6	1
≤7	4
≤8	0
≤9	1
≤10	1

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	23
<2k	31
<5k	10
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	63
<2k	1
<5k	0
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (26): API Manager (37), API Manager Analytics (10), API Microgateway (11), API manager (1), Business Process Server (1), Business Rules Server (1), Carbon (3), Complex Event Processor (1), Dashboard Server (3), Data Analytics Server (8), Data Services Server (1), Enterprise Integrator (17), IS as Key Manager (22), IS as a Key Manager (1), Identity Server (22), Identity Server Analytics (10), Identity Server as Key Manager (1), IoT Server (5), Machine Learner (1), Management Console (1), Message Broker (1), Micro Integrator (1), SOA Enablement Server for Java (1), WSO2 Micro Integrator (1), carbon-registry (2), transport-http (1)

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	EPSS	CTI	CVE
2023-12-18	3.6	3.5	WSO2 API Manager Management Console cross site scripting	Automation Software	Not Defined	Official Fix	0.00045	0.00	CVE-2023-6911
2023-12-15	5.3	5.2	WSO2 API Manager REST API information disclosure	Automation Software	Not Defined	Official Fix	0.00046	0.02	CVE-2023-6839
2023-12-15	5.2	5.1	WSO2 API Manager/Identity Server/IS as Key Manager Authentication Endpoint cross site scripting	Automation Software	Not Defined	Official Fix	0.00046	0.00	CVE-2023-6838
2023-12-15	4.6	4.6	WSO2 API Manager/IoT Server Forum API Rating privilege escalation	Automation Software	Not Defined	Official Fix	0.00046	0.00	CVE-2023-6835
2023-12-15	8.0	7.9	WSO2 API Manager/Identity Server/IS as Key Manager JIT Provisioning weak authentication	Automation Software	Not Defined	Official Fix	0.00050	0.00	CVE-2023-6837
2023-12-15	5.9	5.8	WSO2 API Manager XML External Entity	Automation Software	Not Defined	Official Fix	0.00087	0.00	CVE-2023-6836
2023-05-23	4.8	4.7	WSO2 API Manager login.do cross site scripting	Automation Software	Not Defined	Official Fix	0.00052	0.03	CVE-2023-31664
2022-12-15	4.4	4.3	WSO2 carbon-registry Request Parameter cross site scripting	Nieznany	Not Defined	Official Fix	0.00080	0.12	CVE-2022-4521
2022-12-15	4.4	4.3	WSO2 carbon-registry Advanced Search advancedSearchForm-ajaxprocessor.jsp cross site scripting	Nieznany	Not Defined	Official Fix	0.00083	0.09	CVE-2022-4520
2022-09-10	4.8	4.8	WSO2 Enterprise Integrator Management Console ajaxprocessor.jsp cross site scripting	Nieznany	Not Defined	Not Defined	0.00072	0.00	CVE-2022-39809

54 więcej wpisów nie jest pokazywanych

🔒 Login Required

You need to signup and login to see more of the remaining 54 results.

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!