SECURITY ADVISORY WSO2-2022-1754

Published: May 31, 2024

Version: 1.0.0

Severity: Medium

CVSS Score: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)


AFFECTED PRODUCTS

  • WSO2 API Manager : 3.2.0 , 3.1.0 , 3.0.0
  • WSO2 identity server : 5.9.0 , 5.8.0
  • WSO2 identity server as key Manager : 5.9.0

OVERVIEW

Information disclosure vulnerability.

DESCRIPTION

Due to the improper validation, the server side codes are exposed in certain circumstances.

IMPACT

By leveraging the identified vulnerability, a malicious actor could obtain sensitive information from the source code and the information can be used to carry out successful attacks against the vulnerable deployments.

SOLUTION

We highly recommend to migrate the latest version of respective WSO2 products to mitigate the identified vulnerabilities.

Info

If you are a WSO2 customer with Support Subscription, please use WSO2 Updates in order to apply the fix.