CVE-2024-7487

Improper Authentication in WSO2 Identity Server 7.0.0 Allows Bypass of App-Native Authentication

Description

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

Remediation

Solution:

Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution

References

Link	Tags
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-7487?: CVE-2024-7487 has been scored as a medium severity vulnerability.
How to fix CVE-2024-7487?: To fix CVE-2024-7487: Follow the instructions given on https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/#solution
Is CVE-2024-7487 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-7487 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-7487?: CVE-2024-7487 affects WSO2 WSO2 Identity Server, WSO2 Client Attestation Filter, WSO2 WSO2 Carbon Identity Client Attestation Met Data Mgt BE.

Description

Remediation

Category

CWE-287 – Improper Authentication

References

Frequently Asked Questions