WSO2 Products Incorrect Authorization Vulnerability in SOAP Admin Service Allowing Unauthorized User Account Creation

Vulnerability

An incorrect authorization vulnerability has been identified in multiple WSO2 products. It stems from a flaw in the SOAP admin service, which permits user account creation regardless of the self-registration configuration: even when self-registration is disabled, the service still accepts account-creation requests. As a result, malicious actors can create new user accounts without proper authorization. Exploiting this vulnerability could enable an attacker to generate multiple low-privileged user accounts and thereby gain unauthorized access to the system. Furthermore, repeated exploitation could exhaust system resources by creating a large number of user accounts.

Impact

Exploitation of this vulnerability could lead to unauthorized access through the creation of low-privileged user accounts. It could also cause system resource exhaustion, since the flaw allows user accounts to be created en masse.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread:         0.0
impact:         1.3
exploitability: 7.4
remediation:    0.0
relevance:      0.1
threat:         0.5
urgency:        2.9
incentive:      5.8

Our algorithm analyzes dozens of metrics to produce these 8 key vulnerability categories, which are then combined to calculate the overall risk score.