Potential Broken Access Control in Multiple WSO2 Products via System REST APIs

Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without proper validation. Successful exploitation of this vulnerability could lead to a malicious actor gaining administrative access and performing unauthenticated and unauthorized administrative operations.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

N/A

WSO2多款产品 安全漏洞

WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 Identity Server（IS）是一款身份认证服务器。WSO2 API Control Plane是一个控制面板。 WSO2多款产品存在安全漏洞，该漏洞源于访问控制实现不足，可能导致绕过身份验证和授权检查，执行未经授权的管理操作。以下产品受到影响：WSO2 API Control Plane、WSO2 API Manager、WSO2 Identity Serve

N/A

N/A