cvedb.io
CVE-2024-7073
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2025-06-02T17:15:36.083 · Last modified 2026-06-17T08:19:18.647

Summary

A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem. Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.

Affected products

wso2 — identity_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when wso2 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.