CVE-2023-6835

CVSS v3.1 5.3 (Medium)

EPSS 0.05 % (18^th)

Affected Products 2

Advisories 1

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: WSO2 LLC
Published Date: 2023-12-15 10:15:09
(9 months ago)
Updated Date: 2023-12-28 20:19:11
(8 months ago)

Affected Products

Wso2

Api Manager
Iot Server

Configuration #1

		CPE23	From	Up To
	Wso2 Api Manager 2.2.0	cpe:2.3:a:wso2:api_manager:2.2.0
	Wso2 Api Manager 2.5.0	cpe:2.3:a:wso2:api_manager:2.5.0
	Wso2 Api Manager 2.6.0	cpe:2.3:a:wso2:api_manager:2.6.0

Configuration #2

		CPE23	From	Up To
	Wso2 Iot Server 3.3.1	cpe:2.3:a:wso2:iot_server:3.3.1