WSO2 Products Remote Code Execution Vulnerability
Original Issue Date: April 23, 2022
Severity Rating: Critical
- WSO2 API Manager version 2.2.0 and above
- WSO2 Identity Server version 5.2.0 and above
- WSO2 Identity Server Analytics version 5.4.0, 5.4.1, 5.5.0, 5.6.0
- WSO2 Identity Server as Key Manager version 5.3.0 and above
- WSO2 Enterprise Integrator version 6.2.0 and above
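An added example, not part of the CERT-In advisory or of WSO2's tooling: a Python check of a deployment inventory against the affected versions listed above. The hostnames, inventory rows and function names are constructed for illustration.

```python
import re

# Affected ranges exactly as listed in the advisory above.
# ("min", v): version v and above; ("exact", {...}): only the listed versions.
AFFECTED = {
    "WSO2 API Manager": ("min", "2.2.0"),
    "WSO2 Identity Server": ("min", "5.2.0"),
    "WSO2 Identity Server Analytics": ("exact", {"5.4.0", "5.4.1", "5.5.0", "5.6.0"}),
    "WSO2 Identity Server as Key Manager": ("min", "5.3.0"),
    "WSO2 Enterprise Integrator": ("min", "6.2.0"),
}

def parse_version(text):
    """Turn '5.10.0' or '5.10' into (5, 10, 0); raise ValueError on anything else."""
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text.strip()):
        raise ValueError(f"unrecognised version: {text!r}")
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_listed(product, version):
    """True if product/version falls inside the advisory's affected list."""
    rule = AFFECTED.get(product)
    if rule is None:
        return False
    kind, value = rule
    v = parse_version(version)  # numeric compare, so 2.10.0 > 2.2.0
    if kind == "min":
        return v >= parse_version(value)
    return v in {parse_version(x) for x in value}

def triage(inventory):
    """Split (host, product, version) rows into listed hosts and hosts needing manual review."""
    listed, review = [], []
    for host, product, version in inventory:
        try:
            if is_listed(product, version):
                listed.append(host)
        except ValueError:
            review.append(host)  # unparseable version: do not assume it is safe
    return listed, review

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    ("apim-01", "WSO2 API Manager", "2.1.0"),
    ("apim-02", "WSO2 API Manager", "2.10.0"),
    ("is-01", "WSO2 Identity Server", "5.2"),
    ("isa-01", "WSO2 Identity Server Analytics", "5.7.0"),
    ("ei-01", "WSO2 Enterprise Integrator", "6.6.0-SNAPSHOT"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Because the list says "and above", a match means the version is inside the advisory's range, not that the fix is missing; confirm the patch level on each listed host.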
A vulnerability has been reported in various WSO2 products which could be exploited by an attacker to execute remote code on the targeted system.
This vulnerability exists in various WSO2 products due to improper validation of user input. A remote attacker could exploit this vulnerability by uploading an arbitrary file to a user-controlled location of the server.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.
- Upgrade to the latest version of the WSO2 product.
- Users may also apply relevant fixes as mentioned in the below URLs
The information provided herein is on an "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003