CVE-2022-29464

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Severity Score: 9.8 (CVSS v3.1)

Exploit Likelihood (EPSS):

Affected Versions (CPE):

Public Exploits: 25 (multiple sources)

Exploited in Wild: Yes (KEV)

Decision: - (SSVC)

Descriptions

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0 up to 2.0.0.

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repositorio/despliegue/servidor/webapps directory. This affects WSO2 API Manager 2.2.0 and later up to 4.0.0; WSO2 Identity Server 5.2.0 and later up to 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and later up to 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and later up to 6.6.0.

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

*Credits: N/A
CVSS Scores

CVSS v3 (first entry; vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v3 (second entry; vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

CVSS v2 (vector AV:N/AC:L/Au:N/C:C/I:C/A:C)
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2022-04-18 CVE Reserved
  • 2022-04-18 CVE Published
  • 2022-04-22 First Exploit
  • 2022-04-25 Exploited in Wild
  • 2022-05-16 KEV Due Date
  • 2024-08-03 CVE Updated
  • 2024-09-03 EPSS Updated
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (27)
Affected Vendors, Products, and Versions

Vendor  Product                         Version               Other  Status
Wso2    Api Manager                     >= 2.2.0 <= 4.0.0     -      Affected
Wso2    Enterprise Integrator           >= 6.2.0 <= 6.6.0     -      Affected
Wso2    Identity Server                 >= 5.2.0 <= 5.11.0    -      Affected
Wso2    Identity Server Analytics       5.4.0                 -      Affected
Wso2    Identity Server Analytics       5.4.1                 -      Affected
Wso2    Identity Server Analytics       5.5.0                 -      Affected
Wso2    Identity Server Analytics       5.6.0                 -      Affected
Wso2    Identity Server As Key Manager  >= 5.3.0 <= 5.10.0    -      Affected
Wso2    Open Banking Am                 >= 1.3.0 <= 2.0.0     -      Affected
Wso2    Open Banking Iam                2.0.0                 -      Affected
Wso2    Open Banking Km                 >= 1.3.0 <= 1.5.0     -      Affected