CVE-2023-6835

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:wso2:iot_server:3.3.1:*:*:*:*:*:*:*

History

28 Dec 2023, 20:19

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:iot_server:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:*
References () https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/ - () https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/ - Vendor Advisory

15 Dec 2023, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-15 10:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-6835

Mitre link : CVE-2023-6835

CVE.ORG link : CVE-2023-6835


JSON object : View

Products Affected

wso2

  • iot_server
  • api_manager
CWE
CWE-20

Improper Input Validation