Wso2 identity server as key manager
This hub aggregates every CVE we track for Wso2 identity server as key manager, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
30
CVEs tracked
5
Critical
5
High
1
In CISA KEV
Severity distribution
MEDIUM18HIGH5CRITICAL5LOW2
Monthly trend
0
0
0
0
0
0
0
0
0
0
3
5
0
0
5
4
7
0
0
0
0
1
1
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Wso2 identity server as key manager.
- CVE-2024-0391Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery5.3
- CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5
- CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8
- CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8
- CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2
- CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4
- CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4
- CVE-2025-10713XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration6.5
- CVE-2025-3125Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution6.7
- CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3
- CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9
- CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6
- CVE-2025-10611Potential Broken Access Control in Multiple WSO2 Products via System REST APIs9.8
- CVE-2025-1862Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution6.7
- CVE-2025-1396Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled3.7
Product normalization is registry-driven with AI assist and human review. How it works