CVE-2024-7487

Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication

Description

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

INFO

Published Date :

2025-05-22T19:03:13.414Z

Last Modified :

2025-05-22T19:23:58.211Z

Source :

WSO2

AFFECTED PRODUCTS

The following products are affected by CVE-2024-7487 vulnerability.

Vendors	Products
Wso2	Identity Server

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-7487.

URL	Resource
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact