WSO2 Products Remote Code Execution Vulnerability via Event Processor Admin Service
Vulnerability
A remote code execution vulnerability has been identified in multiple WSO2 products, including WSO2 API Manager, WSO2 Open Banking AM, WSO2 API Control Plane, and WSO2 Traffic Manager. This vulnerability arises from improper input validation in the event processor admin service, allowing authenticated users with administrative privileges to execute arbitrary code on the server. Exploitation involves using the SOAP admin services to deploy a Siddhi execution plan that contains malicious Java code.
Impact
Exploitation of this vulnerability allows authenticated users with administrative access to the SOAP admin services to execute arbitrary code on the server.
Remediation
Users of WSO2 API Manager, WSO2 Open Banking AM, WSO2 API Control Plane, and WSO2 Traffic Manager should update to the latest unaffected version. Community users can apply the public fix available on the WSO2 GitHub repository. Support subscription holders can use WSO2 Updates to apply the fix.
