WSO2 Management Vulnerability List
Found 4 vulnerabilities related to WSO2 Management
- CVE-2022-29464: WSO2 Management - Arbitrary File Upload & Remote Code Execution POC
  CVE-2022-29464 is a critical vulnerability in WSO2 discovered by Orange Tsai. It is an unauthenticated, unrestricted arbitrary file upload that allows an unauthenticated attacker to gain RCE on a WSO2 server by uploading a malicious JSP file. Affected products: WSO2 API Manager 2.2.0 and above; WSO2 Identity Server 5.2.0 and above; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above; WSO2 Enterprise Integrator 6.2.0 and above.
- CVE-2022-29464: WSO2 Management - Arbitrary File Upload & Remote Code Execution POC
  Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
- WSO2 Management CVE-2022-29548 Cross-Site Scripting Vulnerability (No POC)
  WSO2 Management has a cross-site scripting vulnerability caused by a lack of validation.
- WSO2 Management XSS (CVE-2022-29548) (No POC)
  Due to improper output encoding, a reflected cross-site scripting (XSS) attack can be carried out by tampering with a parameter in the management console.