Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.
References
Link | Resource |
---|---|
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/ | Vendor Advisory |
Configurations
History
28 Dec 2023, 20:19
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-20 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:wso2:api_manager:2.2.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:wso2:iot_server:3.3.1:*:*:*:*:*:*:* cpe:2.3:a:wso2:api_manager:2.5.0:*:*:*:*:*:*:* |
|
References | () https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/ - Vendor Advisory |
15 Dec 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-15 10:15
Updated : 2024-02-05 00:22
NVD link : CVE-2023-6835
Mitre link : CVE-2023-6835
CVE.ORG link : CVE-2023-6835
JSON object : View
Products Affected
wso2
- iot_server
- api_manager
CWE
CWE-20
Improper Input Validation