CNNVD-202511-2071 Information
CNNVD ID
CNNVD-202511-2071
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
WSO2 Open Banking AM等都是美国WSO2公司的产品。WSO2 Open Banking AM是一个开放银行加速器。WSO2 Open Banking IAM是一种用于开放银行(Open Banking)领域的身份和访问管理解决方案。WSO2 Traffic Manager是一个调节和管理API流量的组件。 WSO2多款产品存在安全漏洞,该漏洞源于在Carbon控制台的事件处理器中使用HTTP GET方法进行状态更改操作,可能导致跨站请求伪造攻击。以下产品受到影响:WSO2 Open Banking AM、WSO2 Open Banking IAM、WSO2 Traffic Manager、WSO2 Universal Gateway、WSO2 API Control Plane、WSO2 API Manager、WSO2 Identity Server。
Description (English)
WSO2 Open Banking AM and the other listed products are products of WSO2, a US company. WSO2 Open Banking AM is an open banking accelerator. WSO2 Open Banking IAM is an identity and access management solution for Open Banking. WSO2 Traffic Manager is a component that regulates and manages API traffic. Multiple WSO2 products contain a security vulnerability that stems from the use of the HTTP GET method for state-changing operations in the event processor of the Carbon console, which may lead to cross-site request forgery (CSRF) attacks. The following products are affected: WSO2 Open Banking AM, WSO2 Open Banking IAM, WSO2 Traffic Manager, WSO2 Universal Gateway, WSO2 API Control Plane, WSO2 API Manager, WSO2 Identity Server.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
WSO2
Published
2025-11-18
Last Modified
2026-02-24
References
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2025-4117/
https://access.redhat.com/security/cve/cve-2025-6670