{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T17:26:42.877","vulnerabilities":[{"cve":{"id":"CVE-2024-7487","sourceIdentifier":"ed10eef1-636d-4fbe-9993-6890dfa878f8","published":"2025-05-22T19:15:43.157","lastModified":"2025-10-06T13:57:27.530","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.\n\nExploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process."},{"lang":"es","value":"Existe una vulnerabilidad de autenticación incorrecta en WSO2 Identity Server 7.0.0 debido a un fallo de implementación que permite omitir la autenticación nativa de la aplicación al pasar un objeto no válido. La explotación de esta vulnerabilidad podría permitir a actores maliciosos eludir el mecanismo de verificación del cliente, comprometiendo así la integridad del proceso de autenticación."}],"metrics":{"cvssMetricV31":[{"source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:wso2:identity_server:7.0.0:-:*:*:*:*:*:*","matchCriteriaId":"C1EFBD0F-9664-4EF3-9908-C72B1318F68F"}]}]}],"references":[{"url":"https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3348/","source":"ed10eef1-636d-4fbe-9993-6890dfa878f8","tags":["Vendor Advisory"]}]}}]}