Wso2 open banking am

This hub aggregates every CVE we track for Wso2 open banking am, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wso2 open banking am.

• CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5Apr 16, 2026
• CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8Nov 18, 2025
• CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8Nov 18, 2025
• CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2Nov 5, 2025
• CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4Nov 5, 2025
• CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4Nov 5, 2025
• CVE-2025-10713XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration6.5Nov 5, 2025
• CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3Oct 24, 2025
• CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9Oct 24, 2025
• CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6Oct 16, 2025
• CVE-2025-10611Potential Broken Access Control in Multiple WSO2 Products via System REST APIs9.8Oct 16, 2025
• CVE-2025-5717Authenticated Remote Code Execution in Multiple WSO2 Products via Event Processor Admin Service6.8Sep 23, 2025
• CVE-2024-3511Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files4.3Jun 23, 2025
• CVE-2024-1440Open Redirection in Multiple WSO2 Products via Multi-Option Authentication Endpoint5.4Jun 2, 2025
• CVE-2024-8008Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation5.2Jun 2, 2025