WSO2 Identity Server
cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*
- 7.0.0
- 6.1.0
- 6.0.0
- 5.11.0
- 5.10.0
- 5.9.0
- 5.8.0
- 5.7.0
- 5.6.0
- 5.5.0
- 5.4.1
- 5.4.0
- 5.3.0
- 5.2.0
A server-side request forgery (SSRF) vulnerability has been identified in multiple WSO2 products, including WSO2 Identity Server, WSO2 Open Banking IAM, and WSO2 Open Banking KM. The flaw stems from inadequate input validation in SOAP admin services: an unauthenticated attacker can supply input that causes the server to issue requests to destinations of the attacker's choosing.
Exploitation could result in unauthorized access to internal and external resources, including sensitive data and systems on private networks, provided they are reachable from the affected WSO2 product.
Community users can apply the relevant fixes using the public pull request available on GitHub. Commercial users should update to the specified update level for their product version. WSO2 customers with a support subscription can use WSO2 Updates to apply the fix.