CVE-2022-29464 — CRITICAL (9.8)

Q: How severe is CVE-2022-29464?

CVE-2022-29464 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-29464?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Enterprise Integrator, Wso2 Identity Server, Wso2 Identity Server Analytics, Wso2 Identity Server As Key Manager.

Vulnerability Description

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wso2	Api Manager	>= 2.2.0, <= 4.0.0
Wso2	Enterprise Integrator	>= 6.2.0, <= 6.6.0
Wso2	Identity Server	>= 5.2.0, <= 5.11.0
Wso2	Identity Server Analytics	5.4.0
Wso2	Identity Server As Key Manager	>= 5.3.0, <= 5.10.0
Wso2	Open Banking Am	>= 1.3.0, <= 2.0.0
Wso2	Open Banking Iam	2.0.0
Wso2	Open Banking Km	>= 1.3.0, <= 1.5.0

Related Weaknesses (CWE)

CWE-22

References

http://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-CodExploitThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2022/04/22/7Mailing ListThird Party Advisory
https://github.com/hakivvi/CVE-2022-29464ExploitThird Party Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory
http://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-CodExploitThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2022/04/22/7Mailing ListThird Party Advisory
https://github.com/hakivvi/CVE-2022-29464ExploitThird Party Advisory
https://security.docs.wso2.com/en/latest/security-announcements/security-advisorVendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-US Government Resource

FAQ

What is CVE-2022-29464?

CVE-2022-29464 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach...

How severe is CVE-2022-29464?

CVE-2022-29464 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-29464?

Check the references section above for vendor advisories and patch information. Affected products include: Wso2 Api Manager, Wso2 Enterprise Integrator, Wso2 Identity Server, Wso2 Identity Server Analytics, Wso2 Identity Server As Key Manager.