Description

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

INFO

Published Date: 2025-05-30T15:04:09.940Z

Last Modified: 2025-05-30T16:12:44.804Z

Source: WSO2

AFFECTED PRODUCTS

The following products are affected by the CVE-2024-7097 vulnerability.

Vendor: WSO2
Products:
  • Api Manager
  • Enterprise Mobility Manager
  • Identity Server
  • Identity Server As Key Manager
  • Open Banking Am
  • Open Banking Iam
  • Open Banking Km
