Unrated severityNVD Advisory· Published May 30, 2025· Updated May 30, 2025

Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup

CVE-2024-7097

Description

An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization.

Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.

Affected products

Wso2/Wso2 Enterprise Mobility Managerv5
Range: 2.2.0
WSO2/WSO2 Open Banking IAMv5
Range: 2.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/mitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.020
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000