WSO2 Enterprise Integrator
19 CVEs affecting WSO2 Enterprise Integrator. Latest disclosed: 2025-11-18. Critical: 2, High: 3.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-9804 | Critical | 9.6 | 2025-10-16 | An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services an… |
| CVE-2025-2905 | Critical | 9.1 | 2025-05-05 | Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resol… |
| CVE-2025-6670 | High | 8.8 | 2025-11-18 | A Cross-Site Request Forgery (CSRF) vulnerability exists in multiple WSO2 products due to the use of the HTTP GET method for state-changing operations within a… |
| CVE-2025-11093 | High | 8.4 | 2025-11-05 | An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engine… |
| CVE-2025-10907 | High | 8.4 | 2025-11-05 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin servic… |
| CVE-2024-7074 | Medium | 6.8 | 2025-06-02 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with… |
| CVE-2025-3125 | Medium | 6.7 | 2025-11-05 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input validation in the CarbonAppUploader admin service endpoint. An au… |
| CVE-2025-1862 | Medium | 6.7 | 2025-09-26 | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user-supplied filenames in the BPEL uploader SOAP service… |
| CVE-2025-10713 | Medium | 6.5 | 2025-11-05 | An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-suppli… |
| CVE-2025-5350 | Medium | 5.9 | 2025-10-24 | SSRF and Reflected XSS Vulnerabilities exist in multiple WSO2 products within the deprecated Try-It feature, which was accessible only to administrative users… |
| CVE-2025-9955 | Medium | 5.7 | 2025-10-16 | An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin servic… |
| CVE-2024-0392 | Medium | 5.4 | 2025-02-27 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the management console of WSO2 Enterprise Integrator 6.6.0 due to the absence of CSRF token validat… |
| CVE-2025-10853 | Medium | 5.2 | 2025-11-05 | A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering w… |
| CVE-2024-8008 | Medium | 5.2 | 2025-06-02 | A reflected cross-site scripting (XSS) vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JD… |
| CVE-2023-6911 | Medium | 4.8 | 2023-12-18 | Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an… |
| CVE-2023-6836 | Medium | 4.6 | 2023-12-15 | Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML p… |
| CVE-2025-5605 | Medium | 4.3 | 2025-10-24 | An authentication bypass vulnerability exists in the Management Console of multiple WSO2 products. A malicious actor with access to the console can manipulate… |
| CVE-2024-3511 | Medium | 4.3 | 2025-06-23 | An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to fla… |
| CVE-2024-3509 | Medium | 4.3 | 2025-06-02 | A stored cross-site scripting (XSS) vulnerability exists in the Management Console of multiple WSO2 products due to insufficient input validation in the Rich T… |