SECURITY ADVISORY WSO2-2022-1754
Published: May 31, 2024
Version: 1.0.0
Severity: Medium
CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
AFFECTED PRODUCTS
- WSO2 API Manager: 3.2.0, 3.1.0, 3.0.0
- WSO2 Identity Server: 5.9.0, 5.8.0
- WSO2 Identity Server as Key Manager: 5.9.0
OVERVIEW
Information disclosure vulnerability.
DESCRIPTION
Due to improper validation, server-side code is exposed in certain circumstances.
IMPACT
By leveraging the identified vulnerability, a malicious actor could obtain sensitive information from the source code, and that information can be used to carry out successful attacks against the vulnerable deployments.
SOLUTION
We highly recommend migrating to the latest version of the respective WSO2 products to mitigate the identified vulnerabilities.
Info
If you are a WSO2 customer with Support Subscription, please use WSO2 Updates in order to apply the fix.