漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper Privilege Management in Multiple WSO2 API Manager via keymanager-operations DCR Endpoint
Vulnerability Description
An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user can exploit this flaw to generate access tokens with elevated privileges, potentially leading to administrative access and the ability to perform unauthorized operations.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
WSO2 API Manager和WSO2 API Control Plane 安全漏洞
Vulnerability Description
WSO2 API Manager和WSO2 API Control Plane都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 API Control Plane是一个控制面板。 WSO2 API Manager和WSO2 API Control Plane存在安全漏洞,该漏洞源于keymanager-operations Dynamic Client Registration端点缺少身份验证和授权检查,可能导致权限提升攻击。
CVSS Information
N/A
Vulnerability Type
N/A