CVE-2024-7097
MEDIUM EXPLOITED NUCLEIWSO2 API Manager and Identity Server - Incorrect Authorization via SOAP Admin Service
Title source: llmExploitation Summary
CVE-2024-7097 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.
Nuclei Templates (1)
WSO2 User Registration - Arbitrary Account Creation
MEDIUMVERIFIEDby iamnoooob,rootxharsh,pdresearch
Shodan:
WSO2 Carbon Server
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/
Scores
CVSS v3
4.3
EPSS
0.0054
EPSS Percentile
40.9%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-02-02
CWE
CWE-863
Status
published
Products (37)
wso2/api_manager
2.1.0
wso2/api_manager
2.2.0
wso2/api_manager
2.5.0
wso2/api_manager
2.6.0
wso2/api_manager
3.0.0
wso2/api_manager
3.1.0
wso2/api_manager
3.2.0
wso2/api_manager
3.2.1
wso2/api_manager
4.0.0
wso2/api_manager
4.1.0
... and 27 more
Published
May 30, 2025
Tracked Since
Feb 18, 2026