What is CVE-2024-0392?

CVE-2024-0392 is a medium-severity vulnerability in Wso2 Enterprise Integrator, classified under Cross-Site Request Forgery (CSRF). CVSS score: 5.4/10. Published 2025-02-27.

How severe is CVE-2024-0392?

Medium severity. CVSS v3 base score is 5.4 out of 10.

CSRF in Wso2 Enterprise Integrator

CVE-2024-0392

A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validation. This flaw allows attackers to craft malicious requests that can trigger sta…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.003 (50.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L.

Affected products

Wso2 Enterprise Integrator — versions 0, 6.6.0

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/202… (vendor-advisory)

Frequently asked questions

What is CVE-2024-0392?: CVE-2024-0392 is a medium-severity vulnerability in Wso2 Enterprise Integrator, classified under Cross-Site Request Forgery (CSRF). CVSS score: 5.4/10. Published 2025-02-27.
How severe is CVE-2024-0392?: Medium severity. CVSS v3 base score is 5.4 out of 10.