Description

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

INFO

Published Date: 2025-06-23T08:47:55.266Z

Last Modified: 2025-06-23T12:43:45.452Z

Source: WSO2

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-3511 vulnerability.

Vendor: WSO2

Products:
  • API Manager
  • Carbon
  • Enterprise Integrator
  • Identity Server
  • Identity Server As Key Manager
  • Open Banking AM
  • Open Banking IAM