CVE-2022-29464
Scores
EPSS
0.944High94.4%
0%20%40%60%80%100%
Percentile: 94.4%
CVSS
9.8Critical3.x
0246810
CVSS Score: 9.8/10
All CVSS Scores
CVSS 3.x
9.8Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
AV:N
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
AC:L
Privileges Required
None (N)
Describes the level of privileges an attacker must possess
PR:N
User Interaction
None (N)
Captures the requirement for a human user participation
UI:N
Scope
Unchanged (U)
Determines if a successful attack impacts components beyond the vulnerable component
S:U
Confidentiality Impact
High (H)
Measures the impact to the confidentiality of information
C:H
Integrity Impact
High (H)
Measures the impact to integrity of a successfully exploited vulnerability
I:H
Availability Impact
High (H)
Measures the impact to the availability of the impacted component
A:H
CVSS 2.0
10.0Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Vector Breakdown
CVSS (Common Vulnerability Scoring System) vector provides detailed metrics about vulnerability characteristics
CVSS
Attack Vector
Network (N)
Describes how the vulnerability is exploited
AV:N
Attack Complexity
Low (L)
Describes the conditions beyond the attacker's control
AC:L
Authentication
None (N)
Describes the level of privileges an attacker must possess
Au:N
Confidentiality Impact
Complete
Measures the impact to the confidentiality of information
C:C
Integrity Impact
Complete
Measures the impact to integrity of a successfully exploited vulnerability
I:C
Availability Impact
Complete
Measures the impact to the availability of the impacted component
A:C
Description
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Scaner-VS 7 — a modern vulnerability management solution
Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7Sources
nvd
CWEs
CWE-22
Related Vulnerabilities
Exploits
Vulnerable Software (8)
Type: Configuration
Vendor: wso2
Product: api_manager
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: enterprise_integrator
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: identity_server
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: identity_server_analytics
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: identity_server_as_key_manager
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: open_banking_am
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: open_banking_iam
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd
Type: Configuration
Vendor: wso2
Product: open_banking_km
Operating System: * * *
Trait:
{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
...{
"cpe_match": [
{
"cpe23uri": "cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.0.0",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:enterprise_integrator:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.6.0",
"versionStartIncluding": "6.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.11.0",
"versionStartIncluding": "5.2.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.4.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.5.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_analytics:5.6.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:identity_server_as_key_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.10.0",
"versionStartIncluding": "5.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_am:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"cpe23uri": "cpe:2.3:a:wso2:open_banking_km:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5.0",
"versionStartIncluding": "1.3.0",
"vulnerable": true
}
],
"operator": "OR"
}Source: nvd