CNNVD-202510-2367 Information

CNNVD ID

CNNVD-202510-2367

CVE-2025-9152

  • CNNVD Published: 2025-10-16

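Description (translated from Chinese)

WSO2 API Manager and WSO2 API Control Plane are both products of the US company WSO2. WSO2 API Manager is an API lifecycle management solution. WSO2 API Control Plane is a control panel. A security vulnerability exists in WSO2 API Manager and WSO2 API Control Plane. It stems from missing authentication and authorization checks on the keymanager-operations Dynamic Client Registration endpoint, which may lead to privilege escalation attacks.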

Description (English)

WSO2 API Manager and WSO2 API Control Plane are products of the US company WSO2. WSO2 API Manager is an API lifecycle management solution. WSO2 API Control Plane is a control panel. WSO2 API Manager and WSO2 API Control Plane contain a security vulnerability that stems from missing authentication and authorization checks on the keymanager-operations Dynamic Client Registration endpoint, which could lead to a privilege escalation attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

WSO2

Published

2025-10-16

Last Modified

2026-02-24

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/

Patch

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4483/
