CVE Alert: CVE-2024-6914
Vulnerability Summary: CVE-2024-6914
An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading to a complete account takeover, including accounts with elevated privileges. This vulnerability is exploitable only through the account recovery SOAP admin services exposed via the “/services” context path in affected products. The impact may be reduced if access to these endpoints has been restricted based on the “Security Guidelines for Production Deployment” by disabling exposure to untrusted networks.
Affected Endpoints:
No affected endpoints listed.
Published Date:
5/22/2025, 7:15:42 PM
💀 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3561/
- https://security.docs.wso2.com/en/latest/security-guidelines/security-guidelines-for-production-deployment/
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
