CNNVD-202510-2366 Information
CNNVD ID
CNNVD-202510-2366
Related CVE
- CNNVD Published: 2025-10-16
Description (Chinese)
WSO2 API Manager等都是美国WSO2公司的产品。WSO2 API Manager是一套API生命周期管理解决方案。WSO2 API Manager Analytics是一个分析组件。WSO2 API Control Plane是一个控制面板。 WSO2多款产品存在安全漏洞,该漏洞源于内部SOAP Admin Services和System REST API权限执行不足,可能导致低权限用户执行未授权操作。以下产品受到影响:API Manager Analytics、WSO2 API Control Plane、WSO2 API Manager、WSO2 Data Analytics Server、WSO2 Enterprise Integrator、WSO2 Enterprise Mobility Manager、WSO2 Enterprise Service Bus Analytics、WSO2 Identity Server Analytics、WSO2 Identity Server as Key Manager、WSO2 Identity Server、WSO2 Open Banking AM、WSO2 Open Banking IAM、WSO2 Open Banking KM、WSO2 Traffic Manager和WSO2 Universal Gateway。
Description (English)
WSO2 API Manager and others are products of WSO2 in the United States. WO2 API Manager is an API life-cycle management solution. WO2 API Manager Analytics is an analytical component. WO2 API Control Plane is a control panel. There is a safety loophole in more than WSO2 products, which stems from the in-house implementation of SOAP Admin Services and System REST API privileges, which may lead low-licensed users to perform unauthorized operations. The following products were affected: API Manager Analytics, WO2 API Control Plane, WO2 API Manager, WSO2 Data Analytics Server, WSO2 Enterprise Integrator, WSO2 Enterprise Mobile Manager, WSO2 Enterprise Service Bus Analytics, WSO2 Industry Servers, WSO2 Technology Servers, WSO2 Idity Servers as Key Manager, WSO2 Industrial Security Server, WSO2 Open Banking AM, WSO2 Open Banking IAM, WSO2 Trading Manager and WSO2 Universal Gateway.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WSO2
Published
2025-10-16
Last Modified
2026-02-24