CVE-2024-7097

Security Update News

Update Information

Title: CVE-2024-7097
Update ID: CVE-2024-7097
Type: cve
Published: 2025-05-30T15:15:40
Last Updated: 2025-05-30T17:15:28

Security Impact

CVSS Score: 4.3
Severity: MEDIUM
Attack Vector: ADJACENT

Affected CVEs

  • CVE-2024-7097

Update Details

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.

Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.
