CVE-2024-1440
Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint
Descriptions
An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site. By exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.
SSVC
- Decision: Track
Timeline
- 2024-02-12 CVE Reserved
- 2025-06-02 CVE Published
- 2025-06-02 CVE Updated
- 2025-08-09 EPSS Updated
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status |
---|---|---|---|
WSO2 | WSO2 Identity Server | >= 5.10.0.0 < 5.10.0.278 | Affected |
WSO2 | WSO2 Identity Server | >= 5.11.0.0 < 5.11.0.347 | Affected |
WSO2 | WSO2 Identity Server | >= 6.0.0.0 < 6.0.0.185 | Affected |
WSO2 | WSO2 Identity Server | >= 6.1.0.0 < 6.1.0.145 | Affected |
WSO2 | WSO2 Identity Server | >= 7.0.0.0 < 7.0.0.30 | Affected |
WSO2 | WSO2 API Manager | >= 3.1.0.0 < 3.1.0.262 | Affected |
WSO2 | WSO2 API Manager | >= 3.2.0.0 < 3.2.0.344 | Affected |
WSO2 | WSO2 API Manager | >= 4.0.0.0 < 4.0.0.296 | Affected |
WSO2 | WSO2 Identity Server As Key Manager | >= 5.10.0.0 < 5.10.0.298 | Affected |
WSO2 | WSO2 Open Banking AM | >= 2.0.0.0 < 2.0.0.308 | Affected |
WSO2 | WSO2 Open Banking IAM | >= 2.0.0.0 < 2.0.0.327 | Affected |
WSO2 | WSO2 Carbon Identity Application Authentication Endpoint(Utils) | >= 5.17.5.0 < 5.17.5.256 | Affected |
WSO2 | WSO2 Carbon Identity Application Authentication Endpoint(Utils) | >= 5.18.187.0 < 5.18.187.257 | Affected |
WSO2 | WSO2 Carbon Identity Application Authentication Endpoint(Utils) | >= 5.23.8.0 < 5.23.8.174 | Affected |
WSO2 | WSO2 Carbon Identity Application Authentication Endpoint(Utils) | >= 5.25.92.0 < 5.25.92.77 | Affected |
WSO2 | WSO2 Carbon Identity Application Authentication Endpoint(Utils) | >= 7.0.78.0 < 7.0.78.18 | Affected |