Filtered by vendor Wso2 Subscriptions
Filtered by product Enterprise Mobility Manager Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-9804 1 Wso2 16 Api Control Plane, Api Manager, Api Manager Analytics and 13 more 2025-10-21 8.9 High
An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user may exploit this flaw to perform unauthorized operations, including accessing server-level information. This vulnerability affects only internal administrative interfaces. APIs exposed through the WSO2 API Manager's API Gateway remain unaffected.
CVE-2024-7096 1 Wso2 7 Api Manager, Enterprise Mobility Manager, Identity Server and 4 more 2025-10-06 4.2 Medium
A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met: * SOAP admin services are accessible to the attacker. * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration. * At least one custom role exists with non-default permissions. * The attacker has knowledge of the custom role and the internal attribute used in the deployment. Exploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.
CVE-2024-7097 1 Wso2 7 Api Manager, Enterprise Mobility Manager, Identity Server and 4 more 2025-10-06 4.3 Medium
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.
CVE-2017-14651 1 Wso2 17 Api Manager, App Manager, Application Server and 14 more 2025-04-20 4.8 Medium
WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.