WSO2 Enterprise Integrator
cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*
- 6.6.0
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the management console of WSO2 Enterprise Integrator version 6.6.0. The vulnerability arises from a lack of CSRF token validation, allowing attackers to create malicious requests that can initiate state-changing actions on behalf of an authenticated user. This could lead to unauthorized modification of account settings and compromise data integrity. The issue is limited to a small number of state-changing operations, and successful exploitation would require social engineering to persuade a user with management console access to execute the harmful action.
Exploitation of this vulnerability could result in unauthorized state changes within the application, potentially allowing attackers to manipulate account settings and disrupt data integrity.