📦 Open Banking Km

by WSO2



⚠️ Known Vulnerabilities

CVE-2025-9312

CRITICAL CVSS 9.8 Nov 18, 2025

A missing authentication enforcement vulnerability in WSO2 products allows unauthenticated access to System REST APIs and SOAP services when mutual TLS (mTLS) is enabled in certain default configurati...

CVE-2025-10611

CRITICAL CVSS 9.8 Oct 16, 2025

This critical vulnerability in WSO2 products allows attackers to bypass authentication and authorization checks for certain REST APIs, enabling unauthenticated administrative access. Attackers could p...

CVE-2024-6914

CRITICAL CVSS 9.8 May 22, 2025

This vulnerability allows attackers to reset any user's password via a flawed SOAP admin service in WSO2 products, leading to complete account takeover including privileged accounts. It affects WSO2 p...

CVE-2022-29464

CRITICAL CVSS 9.8 Apr 18, 2022

CVE-2022-29464 is a critical unrestricted file upload vulnerability in multiple WSO2 products that allows attackers to upload malicious files to web-accessible directories via directory traversal. Thi...

CVE-2024-7073

MEDIUM CVSS 6.5 Jun 2, 2025

This CVE describes a server-side request forgery (SSRF) vulnerability in multiple WSO2 products that allows unauthenticated attackers to manipulate server-side requests. Attackers can access internal ...

CVE-2024-7097

MEDIUM CVSS 4.3 May 30, 2025

This vulnerability allows attackers to create unauthorized user accounts in WSO2 products regardless of self-registration settings. It affects WSO2 products with SOAP admin service enabled. Attackers ...