{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:08:20.828","vulnerabilities":[{"cve":{"id":"CVE-2024-3511","sourceIdentifier":"ed10eef1-636d-4fbe-9993-6890dfa878f8","published":"2025-06-23T09:15:21.580","lastModified":"2025-10-06T13:35:40.377","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization.\n\nSuccessful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance."},{"lang":"es","value":"Existe una vulnerabilidad de autorización incorrecta en varios productos WSO2 que permite el acceso no autorizado a archivos versionados almacenados en el registro. Debido a una lógica de autorización defectuosa, un agente malicioso con acceso a la consola de administración puede explotar un método de omisión específico para recuperar archivos versionados sin la debida autorización. La explotación exitosa de esta vulnerabilidad podría conllevar la divulgación no autorizada de archivos de configuración o recursos que podrían estar almacenados como versiones del registro, lo que podría facilitar nuevos ataques o el reconocimiento del sistema."}],"metrics":{"cvssMetricV31":[{"source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4}]},"weaknesses":[{"source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"E31E32CD-497E-4EF5-B3FC-8718EE06EDAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"B58251E8-606B-47C8-8E50-9F9FC8C179BD"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:4.0.0:*:*:*:*:*:*:*","matchCriteriaId":"E21D7ABF-C328-425D-B914-618C7628220B"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:4.1.0:-:*:*:*:*:*:*","matchCriteriaId":"51465410-6B7C-40FD-A1AB-A14F650A6AC8"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:4.2.0:-:*:*:*:*:*:*","matchCriteriaId":"851470CC-22AB-43E4-9CC6-5E22D49B3572"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:api_manager:4.3.0:-:*:*:*:*:*:*","matchCriteriaId":"9EBAB99E-6F0F-4CE9-A954-E8878826304C"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:enterprise_integrator:6.6.0:*:*:*:*:*:*:*","matchCriteriaId":"E4A07C73-3E6B-4CF9-BEB9-39C6081C0332"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:5.10.0:*:*:*:*:*:*:*","matchCriteriaId":"F4F126CA-A2F9-44F4-968B-DF71765869E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:5.11.0:*:*:*:*:*:*:*","matchCriteriaId":"2153AECE-020A-4C01-B2A6-F9F5D98E7EBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:6.0.0:*:*:*:*:*:*:*","matchCriteriaId":"7B81C488-69D0-4A5C-AEED-31869C1BF5CA"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"65CD2558-C60C-4296-8E96-D4D804C598F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:7.0.0:*:*:*:*:*:*:*","matchCriteriaId":"B8DF49C6-F2F6-4229-982E-0C0559265203"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server_as_key_manager:5.10.0:*:*:*:*:*:*:*","matchCriteriaId":"6BB34405-A2F1-461A-B51B-E103BB3680A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:open_banking_am:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"94347800-04D2-48C4-ACF0-078A5ACBB063"},{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:open_banking_iam:2.0.0:*:*:*:*:*:*:*","matchCriteriaId":"D7C241A3-8EA0-41E4-ABF3-21B9D8E7A5BE"}]}]}],"references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2025/WSO2-2024-2702/","source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","tags":["Vendor Advisory"]}]}}]}