CVE-2024-3511

Published: Jun 23, 2025

Modified: Jun 23, 2025

PUBLISHED

CVSS v3.1: 4.3 (MEDIUM)

Description

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

| Vendor | Product | Versions |
|---|---|---|
| WSO2 | WSO2 Enterprise Integrator | unknown: 0 - < 6.6.0; affected: 6.6.0 - < 6.6.0.205 |
| WSO2 | WSO2 API Manager | unknown: 0 - < 3.1.0; affected: 3.1.0 - < 3.1.0.273; affected: 3.2.0 - < 3.2.0.361; affected: 3.2.1 - < 3.2.1.13; affected: 4.0.0 - < 4.0.0.306; +3 more versions |
| WSO2 | WSO2 Identity Server as Key Manager | unknown: 0 - < 5.10.0; affected: 5.10.0 - < 5.10.0.289 |
| WSO2 | WSO2 Identity Server | unknown: 0 - < 5.10.0; affected: 5.10.0 - < 5.10.0.292; affected: 5.11.0 - < 5.11.0.333; affected: 6.0.0 - < 6.0.0.180; affected: 6.1.0 - < 6.1.0.141; +1 more versions |
| WSO2 | WSO2 Open Banking AM | unknown: 0 - < 2.0.0; affected: 2.0.0 - < 2.0.0.320 |
| WSO2 | WSO2 Open Banking IAM | unknown: 0 - < 2.0.0; affected: 2.0.0 - < 2.0.0.341 |
| WSO2 | WSO2 Carbon User Manager Kernel | affected: 4.5.0 - < 4.5.0.5; affected: 4.5.3 - < 4.5.3.35; affected: 4.6.0 - < 4.6.0.140; affected: 4.6.1 - < 4.6.1.107; affected: 4.6.2 - < 4.6.2.323; +8 more versions |

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: Adjacent

Attack Complexity: Low

Privileges Required: None

User Interaction: None

Scope: Unchanged

Confidentiality: Low

Integrity: None

Availability: None
