WSO2 Products Arbitrary File Upload Vulnerability Leading to Remote Code Execution
Vulnerability
A vulnerability allowing arbitrary file upload has been identified in multiple WSO2 products, including WSO2 API Manager, WSO2 Identity Server, WSO2 Traffic Manager, and others. This vulnerability arises from inadequate input validation in the CarbonAppUploader admin service endpoint. An authenticated attacker with the necessary privileges can upload a malicious file to a user-controlled location on the server, potentially leading to remote code execution. By default, this functionality is limited to admin users, so successful exploitation requires valid administrative credentials.
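The root cause described above is a destination path built from caller-supplied input without checking that the result stays inside the intended upload directory. The following is an added illustration, not WSO2 code and not taken from the fix: it places the weak join pattern next to a hardened form that accepts only a bare file name, allowlists the extension, and proves containment on the normalized path. The upload root and the `.car` allowlist are assumptions chosen for the example, and `posixpath` is used so the results are identical on every platform.

```python
import posixpath

# Assumed deployment directory for the example; a real service takes this
# from its own configuration, never from the request.
UPLOAD_ROOT = "/opt/wso2/repository/deployment/server/carbonapps"
# Assumed allowlist: the advisory does not name an extension.
ALLOWED_EXTENSIONS = {".car"}


class InvalidUploadName(ValueError):
    """Raised when a caller-supplied name fails validation."""


def vulnerable_destination(root: str, user_path: str) -> str:
    """The weak pattern: the caller's name is joined straight onto the root.
    A name containing '..' walks out of root; an absolute name replaces it
    entirely, because join() discards everything before an absolute part."""
    return posixpath.join(root, user_path)


def safe_destination(root: str, user_path: str,
                     allowed=ALLOWED_EXTENSIONS) -> str:
    """Hardened form: single path component, allowlisted extension, and a
    containment check on the normalized result."""
    # 1. Only a plain file name is acceptable. Backslashes are folded to '/'
    #    first so a Windows-style separator cannot slip past basename().
    name = posixpath.basename(user_path.replace("\\", "/"))
    if name != user_path or name in ("", ".", ".."):
        raise InvalidUploadName(f"not a plain file name: {user_path!r}")

    # 2. Allowlist the extension, case-insensitively.
    _, ext = posixpath.splitext(name)
    if ext.lower() not in allowed:
        raise InvalidUploadName(f"extension not allowed: {ext!r}")

    # 3. Belt and braces: normalize and confirm the path is still under root,
    #    so the check survives if step 1 is ever relaxed.
    root_abs = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root_abs, name))
    if posixpath.commonpath([root_abs, dest]) != root_abs:
        raise InvalidUploadName("resolved path escapes the upload root")
    return dest


def escapes_root(root: str, dest: str) -> bool:
    """True when a destination, once normalized, lies outside root."""
    root_abs = posixpath.normpath(root)
    return posixpath.commonpath([root_abs, posixpath.normpath(dest)]) != root_abs


def audit(names, root: str = UPLOAD_ROOT) -> dict:
    """Run each constructed name through both handlers and report whether the
    weak join would have escaped root and whether the hardened form accepts it."""
    report = {}
    for name in names:
        weak = vulnerable_destination(root, name)
        try:
            safe_destination(root, name)
            verdict = "accepted"
        except InvalidUploadName as exc:
            verdict = f"rejected: {exc}"
        report[name] = {"weak_join_escapes": escapes_root(root, weak),
                        "hardened": verdict}
    return report


if __name__ == "__main__":
    # Constructed sample names covering the cases that matter.
    for name, result in audit(["app.car", "APP.CAR", "../../../tmp/x.jsp",
                               "/tmp/x.jsp", "sub/x.car", "x.jsp"]).items():
        print(f"{name!r:24} {result}")
```

The containment check is deliberately redundant with the basename test: defence in depth means each layer should hold even if another is later weakened during maintenance.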
Impact
Exploitation of this vulnerability could allow authenticated attackers with the appropriate privileges to upload malicious files that could be executed remotely, leading to unauthorized code execution on the server.
Remediation
Users of WSO2 products can apply the relevant fixes available on the WSO2 GitHub repository. Support subscription holders can update their products to the specified update level or a higher level to apply the fix.
