cvedb.io
CVE-2024-3511
MEDIUM · CVSS 4.3
EPSS exploitation probability: 0%
Published 2025-06-23T09:15:21.580 · Last modified 2026-06-17T07:44:25.200

Summary

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

Affected products

wso2 — api_manager

Does this affect you?

Add your gear to cvedb and we'll alert you only when wso2 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.