Wso2 open banking iam

This hub aggregates every CVE we track for Wso2 open banking iam. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Wso2 open banking iam.

• CVE-2024-0391Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery5.3May 11, 2026
• CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5Apr 16, 2026
• CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8Nov 18, 2025
• CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8Nov 18, 2025
• CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2Nov 5, 2025
• CVE-2025-11093Arbitrary Code Execution with higher privileged users in Multiple WSO2 Products via Script Mediator Engines (GraalJS and NashornJS)8.4Nov 5, 2025
• CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4Nov 5, 2025
• CVE-2025-10713XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration6.5Nov 5, 2025
• CVE-2025-3125Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution6.7Nov 5, 2025
• CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3Oct 24, 2025
• CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9Oct 24, 2025
• CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6Oct 16, 2025
• CVE-2025-10611Potential Broken Access Control in Multiple WSO2 Products via System REST APIs9.8Oct 16, 2025
• CVE-2025-1862Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution6.7Sep 26, 2025
• CVE-2025-1396Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled3.7Sep 26, 2025