CVE-2022-29464

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

Act

*SSVC

Descriptions

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.

Algunos productos WSO2 permiten la carga de archivos sin restricciones con la consiguiente ejecución remota de código. El atacante debe utilizar un endpoint /fileupload con una secuencia de recorrido de directorio Content-Disposition para alcanzar un directorio bajo la raíz web, como un directorio ../../../../repositorio/despliegue/servidor/webapps. Esto afecta a WSO2 API Manager 2.2.0 y superior hasta 4.0.0; WSO2 Identity Server 5.2.0 y superior hasta 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 y 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 y superior hasta 5.10.0; y WSO2 Enterprise Integrator 6.2.0 y superior hasta 6.6.0

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Act

Exploitation

Active

Automatable

Yes

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2022-04-18 CVE Reserved
2022-04-18 CVE Published
2022-04-21 First Exploit
2022-04-25 Exploited in Wild
2022-05-16 KEV Due Date
2025-01-29 CVE Updated
2025-03-18 EPSS Updated

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (37)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2022/04/22/7	Mailing List

URL	Date	SRC
https://packetstorm.news/files/id/166921	2022-05-02
https://github.com/hakivvi/CVE-2022-29464	2025-01-29
https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464	2022-06-22
https://github.com/Inplex-sys/CVE-2022-29464-loader	2022-08-08
https://github.com/ThatNotEasy/CVE-2022-29464	2023-07-24
https://github.com/gpiechnik2/nmap-CVE-2022-29464	2022-04-22
https://github.com/r4x0r1337/-CVE-2022-29464	2023-02-28
https://github.com/superzerosec/CVE-2022-29464	2022-04-30
https://github.com/gbrsh/CVE-2022-29464	2022-11-14
https://github.com/xinghonghaoyue/CVE-2022-29464	2022-06-01
https://github.com/amit-pathak009/CVE-2022-29464-mass	2022-05-29
https://github.com/amit-pathak009/CVE-2022-29464	2022-05-29
https://github.com/hev0x/CVE-2022-29464	2022-04-28
https://github.com/hupe1980/CVE-2022-29464	2022-09-25
https://github.com/Chocapikk/CVE-2022-29464	2022-06-01
https://github.com/jimidk/Better-CVE-2022-29464	2022-06-04
https://github.com/mr-r3bot/WSO2-CVE-2022-29464	2022-04-26
https://github.com/LinJacck/CVE-2022-29464	2022-05-07
https://github.com/devengpk/CVE-2022-29464	2022-12-18
https://github.com/Pushkarup/CVE-2022-29464	2023-10-25
https://github.com/0xAgun/CVE-2022-29464	2022-04-22
https://github.com/axin2019/CVE-2022-29464	2022-05-05
https://github.com/SynixCyberCrimeMy/CVE-2022-29464	2023-11-16
https://github.com/N3rdyN3xus/CVE-2022-29464	2022-04-24
https://github.com/cc3305/CVE-2022-29464	2024-07-27
https://github.com/tufanturhan/wso2-rce-cve-2022-29464	2022-04-21
https://github.com/Lidong-io/cve-2022-29464	2024-05-31
https://github.com/oppsec/WSOB	2024-11-27
https://github.com/n3rdh4x0r/CVE-2022-29464	2022-04-24
https://github.com/lowkey0808/cve-2022-29464	2022-04-26
https://github.com/Pasch0/WSO2RCE	2023-11-12
https://github.com/g0dxing/CVE-2022-29464	2022-06-06
https://github.com/c1ph3rbyt3/CVE-2022-29464	2025-01-17
https://github.com/hxlxmj/Mass-exploit-CVE-2022-29464	2022-06-26
http://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html	2025-01-29

URL	Date	SRC

URL	Date	SRC
https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2022/WSO2-2021-1738	2024-07-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Wso2 Search vendor "Wso2"		Api Manager Search vendor "Wso2" for product "Api Manager"				>= 2.2.0 <= 4.0.0 Search vendor "Wso2" for product "Api Manager" and version " >= 2.2.0 <= 4.0.0"		-		Affected
Wso2 Search vendor "Wso2"		Enterprise Integrator Search vendor "Wso2" for product "Enterprise Integrator"				>= 6.2.0 <= 6.6.0 Search vendor "Wso2" for product "Enterprise Integrator" and version " >= 6.2.0 <= 6.6.0"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server Search vendor "Wso2" for product "Identity Server"				>= 5.2.0 <= 5.11.0 Search vendor "Wso2" for product "Identity Server" and version " >= 5.2.0 <= 5.11.0"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server Analytics Search vendor "Wso2" for product "Identity Server Analytics"				5.4.0 Search vendor "Wso2" for product "Identity Server Analytics" and version "5.4.0"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server Analytics Search vendor "Wso2" for product "Identity Server Analytics"				5.4.1 Search vendor "Wso2" for product "Identity Server Analytics" and version "5.4.1"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server Analytics Search vendor "Wso2" for product "Identity Server Analytics"				5.5.0 Search vendor "Wso2" for product "Identity Server Analytics" and version "5.5.0"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server Analytics Search vendor "Wso2" for product "Identity Server Analytics"				5.6.0 Search vendor "Wso2" for product "Identity Server Analytics" and version "5.6.0"		-		Affected
Wso2 Search vendor "Wso2"		Identity Server As Key Manager Search vendor "Wso2" for product "Identity Server As Key Manager"				>= 5.3.0 <= 5.10.0 Search vendor "Wso2" for product "Identity Server As Key Manager" and version " >= 5.3.0 <= 5.10.0"		-		Affected
Wso2 Search vendor "Wso2"		Open Banking Am Search vendor "Wso2" for product "Open Banking Am"				>= 1.3.0 <= 2.0.0 Search vendor "Wso2" for product "Open Banking Am" and version " >= 1.3.0 <= 2.0.0"		-		Affected
Wso2 Search vendor "Wso2"		Open Banking Iam Search vendor "Wso2" for product "Open Banking Iam"				2.0.0 Search vendor "Wso2" for product "Open Banking Iam" and version "2.0.0"		-		Affected
Wso2 Search vendor "Wso2"		Open Banking Km Search vendor "Wso2" for product "Open Banking Km"				>= 1.3.0 <= 1.5.0 Search vendor "Wso2" for product "Open Banking Km" and version " >= 1.3.0 <= 1.5.0"		-		Affected