CVE-2024-3511 (GCVE-0-2024-3511)
Vulnerability from cvelistv5
Published
2025-06-23 08:47
Modified
2025-06-23 12:43
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-863 - Incorrect Authorization
Summary
An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.
References
ed10eef1-636d-4fbe-9993-6890dfa878f8https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/
Impacted products
Vendor Product Version
WSO2 WSO2 Enterprise Integrator Version: 6.6.0   < 6.6.0.205
 Create a notification for this product.
   WSO2 WSO2 API Manager Version: 3.1.0   < 3.1.0.273
Version: 3.2.0   < 3.2.0.361
Version: 3.2.1   < 3.2.1.13
Version: 4.0.0   < 4.0.0.306
Version: 4.1.0   < 4.1.0.163
Version: 4.2.0   < 4.2.0.98
Version: 4.3.0   < 4.3.0.17
 Create a notification for this product.
   WSO2 WSO2 Identity Server as Key Manager Version: 5.10.0   < 5.10.0.289
 Create a notification for this product.
   WSO2 WSO2 Identity Server Version: 5.10.0   < 5.10.0.292
Version: 5.11.0   < 5.11.0.333
Version: 6.0.0   < 6.0.0.180
Version: 6.1.0   < 6.1.0.141
Version: 7.0.0   < 7.0.0.8
 Create a notification for this product.
   WSO2 WSO2 Open Banking AM Version: 2.0.0   < 2.0.0.320
 Create a notification for this product.
   WSO2 WSO2 Open Banking IAM Version: 2.0.0   < 2.0.0.341
 Create a notification for this product.
   WSO2 WSO2 Carbon User Manager Kernel Version: 4.5.0   < 4.5.0.5
Version: 4.5.3   < 4.5.3.35
Version: 4.6.0   < 4.6.0.140
Version: 4.6.1   < 4.6.1.107
Version: 4.6.2   < 4.6.2.323
Version: 4.6.3   < 4.6.3.18
Version: 4.6.4   < 4.6.4.3
Version: 4.7.1   < 4.7.1.47
Version: 4.8.1   < 4.8.1.19
Version: 4.9.0   < 4.9.0.52
Version: 4.9.26   < 4.9.26.10
Version: 4.10.9   < 4.10.9.8
Patch: 4.10.13
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T12:38:22.864048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T12:43:45.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Enterprise Integrator",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "6.6.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.6.0.205",
              "status": "affected",
              "version": "6.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 API Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "3.1.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.1.0.273",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.0.361",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.2.1.13",
              "status": "affected",
              "version": "3.2.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.0.0.306",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.1.0.163",
              "status": "affected",
              "version": "4.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.2.0.98",
              "status": "affected",
              "version": "4.2.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.0.17",
              "status": "affected",
              "version": "4.3.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Identity Server as Key Manager",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "5.10.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.10.0.289",
              "status": "affected",
              "version": "5.10.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Identity Server",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "5.10.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.10.0.292",
              "status": "affected",
              "version": "5.10.0",
              "versionType": "custom"
            },
            {
              "lessThan": "5.11.0.333",
              "status": "affected",
              "version": "5.11.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.0.0.180",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "6.1.0.141",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "7.0.0.8",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Open Banking AM",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.0.320",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "WSO2 Open Banking IAM",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "unknown",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.0.0.341",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "packageName": "org.wso2.carbon:org.wso2.carbon.user.core",
          "product": "WSO2 Carbon User Manager Kernel",
          "vendor": "WSO2",
          "versions": [
            {
              "lessThan": "4.5.0.5",
              "status": "affected",
              "version": "4.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.5.3.35",
              "status": "affected",
              "version": "4.5.3",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.0.140",
              "status": "affected",
              "version": "4.6.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.1.107",
              "status": "affected",
              "version": "4.6.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.2.323",
              "status": "affected",
              "version": "4.6.2",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.3.18",
              "status": "affected",
              "version": "4.6.3",
              "versionType": "custom"
            },
            {
              "lessThan": "4.6.4.3",
              "status": "affected",
              "version": "4.6.4",
              "versionType": "custom"
            },
            {
              "lessThan": "4.7.1.47",
              "status": "affected",
              "version": "4.7.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.8.1.19",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.0.52",
              "status": "affected",
              "version": "4.9.0",
              "versionType": "custom"
            },
            {
              "lessThan": "4.9.26.10",
              "status": "affected",
              "version": "4.9.26",
              "versionType": "custom"
            },
            {
              "lessThan": "4.10.9.8",
              "status": "affected",
              "version": "4.10.9",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "4.10.13",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Viral Maniar - Security Researcher at Preemptive Cyber Security Pty Ltd"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.\u003cbr\u003e"
            }
          ],
          "value": "An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\n\nSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-23T08:47:55.266Z",
        "orgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
        "shortName": "WSO2"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: transparent;\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution\"\u003e\u003cspan style=\"background-color: transparent;\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e"
            }
          ],
          "value": "Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution"
        }
      ],
      "source": {
        "advisory": "WSO2-2024-2702",
        "discovery": "EXTERNAL"
      },
      "title": "Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ed10eef1-636d-4fbe-9993-6890dfa878f8",
    "assignerShortName": "WSO2",
    "cveId": "CVE-2024-3511",
    "datePublished": "2025-06-23T08:47:55.266Z",
    "dateReserved": "2024-04-09T12:08:02.707Z",
    "dateUpdated": "2025-06-23T12:43:45.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-3511\",\"sourceIdentifier\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"published\":\"2025-06-23T09:15:21.580\",\"lastModified\":\"2025-06-23T20:16:21.633\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\\n\\nSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"references\":[{\"url\":\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/\",\"source\":\"ed10eef1-636d-4fbe-9993-6890dfa878f8\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 Enterprise Integrator\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"6.6.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"6.6.0.205\", \"status\": \"affected\", \"version\": \"6.6.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 API Manager\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"3.1.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"3.1.0.273\", \"status\": \"affected\", \"version\": \"3.1.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"3.2.0.361\", \"status\": \"affected\", \"version\": \"3.2.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"3.2.1.13\", \"status\": \"affected\", \"version\": \"3.2.1\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.0.0.306\", \"status\": \"affected\", \"version\": \"4.0.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.1.0.163\", \"status\": \"affected\", \"version\": \"4.1.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.2.0.98\", \"status\": \"affected\", \"version\": \"4.2.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.3.0.17\", \"status\": \"affected\", \"version\": \"4.3.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 Identity Server as Key Manager\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"5.10.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"5.10.0.289\", \"status\": \"affected\", \"version\": \"5.10.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 Identity Server\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"5.10.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"5.10.0.292\", \"status\": \"affected\", \"version\": \"5.10.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"5.11.0.333\", \"status\": \"affected\", \"version\": \"5.11.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"6.0.0.180\", \"status\": \"affected\", \"version\": \"6.0.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"6.1.0.141\", \"status\": \"affected\", \"version\": \"6.1.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"7.0.0.8\", \"status\": \"affected\", \"version\": \"7.0.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 Open Banking AM\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"2.0.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"2.0.0.320\", \"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"WSO2 Open Banking IAM\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"2.0.0\", \"status\": \"unknown\", \"version\": \"0\", \"versionType\": \"custom\"}, {\"lessThan\": \"2.0.0.341\", \"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"custom\"}]}, {\"defaultStatus\": \"unknown\", \"packageName\": \"org.wso2.carbon:org.wso2.carbon.user.core\", \"product\": \"WSO2 Carbon User Manager Kernel\", \"vendor\": \"WSO2\", \"versions\": [{\"lessThan\": \"4.5.0.5\", \"status\": \"affected\", \"version\": \"4.5.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.5.3.35\", \"status\": \"affected\", \"version\": \"4.5.3\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.6.0.140\", \"status\": \"affected\", \"version\": \"4.6.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.6.1.107\", \"status\": \"affected\", \"version\": \"4.6.1\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.6.2.323\", \"status\": \"affected\", \"version\": \"4.6.2\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.6.3.18\", \"status\": \"affected\", \"version\": \"4.6.3\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.6.4.3\", \"status\": \"affected\", \"version\": \"4.6.4\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.7.1.47\", \"status\": \"affected\", \"version\": \"4.7.1\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.8.1.19\", \"status\": \"affected\", \"version\": \"4.8.1\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.9.0.52\", \"status\": \"affected\", \"version\": \"4.9.0\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.9.26.10\", \"status\": \"affected\", \"version\": \"4.9.26\", \"versionType\": \"custom\"}, {\"lessThan\": \"4.10.9.8\", \"status\": \"affected\", \"version\": \"4.10.9\", \"versionType\": \"custom\"}, {\"lessThanOrEqual\": \"*\", \"status\": \"unaffected\", \"version\": \"4.10.13\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Viral Maniar - Security Researcher at Preemptive Cyber Security Pty Ltd\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\u003cbr\u003e\u003cbr\u003eSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.\u003cbr\u003e\"}], \"value\": \"An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\\n\\nSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"availabilityImpact\": \"NONE\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-863\", \"description\": \"CWE-863 Incorrect Authorization\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"shortName\": \"WSO2\", \"dateUpdated\": \"2025-06-23T08:47:55.266Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: transparent;\\\"\u003eFollow the instructions given on \u003c/span\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution\\\"\u003e\u003cspan style=\\\"background-color: transparent;\\\"\u003ehttps://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution\u003c/span\u003e\u003c/a\u003e \u003cbr\u003e\"}], \"value\": \"Follow the instructions given on  https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/#solution\"}], \"source\": {\"advisory\": \"WSO2-2024-2702\", \"discovery\": \"EXTERNAL\"}, \"title\": \"Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files\", \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3511\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-23T12:38:22.864048Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-23T12:43:40.765Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3511\", \"assignerOrgId\": \"ed10eef1-636d-4fbe-9993-6890dfa878f8\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"WSO2\", \"dateReserved\": \"2024-04-09T12:08:02.707Z\", \"datePublished\": \"2025-06-23T08:47:55.266Z\", \"dateUpdated\": \"2025-06-23T12:43:45.452Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.