An authentication bypass vulnerability exists in multiple WSO2 products when FIDO authentication is enabled. When a user account is deleted, the system does not automatically remove associated FIDO re
A cross-tenant authentication vulnerability exists in multiple WSO2 products due to improper cryptographic design in Adaptive Authentication. A single cryptographic key is used across all tenants to s
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration
A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to
Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without prope
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerabil
An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.
Expl
An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate the request URI to bypass authentication
Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security c
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when a
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A mali
Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious acto
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenti
The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.
The discovery of valid user
The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth.
This vulnerability
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of cl
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions
The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input param
An
authentication bypass vulnerability exists in the affected product. The
vulnerability exists due to shared secrets across accounts and could allow a threat
actor to impersonate a user if the threat
Page 1+ Next →