Wso2 Wso2 Open Banking Km
7 CVEs affecting Wso2 Wso2 Open Banking Km. Latest disclosed: 2025-11-18. Critical: 4, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-9312 | Critical | 9.8 | 2025-11-18 | A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 p… |
| CVE-2025-10611 | Critical | 9.8 | 2025-10-16 | Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed… |
| CVE-2024-6914 | Critical | 9.8 | 2025-05-22 | An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A ma… |
| CVE-2025-9804 | Critical | 9.6 | 2025-10-16 | An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services an… |
| CVE-2024-7073 | Medium | 6.5 | 2025-06-02 | A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows u… |
| CVE-2024-7097 | Medium | 4.3 | 2025-05-30 | An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardles… |
| CVE-2024-7096 | Medium | 4.2 | 2025-05-30 | A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new u… |