Identity server as key manager

This hub aggregates every CVE we track for Identity server as key manager, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Identity server as key manager.

• CVE-2024-0391Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery5.3May 11, 2026
• CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5Apr 16, 2026
• CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8Nov 18, 2025
• CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8Nov 18, 2025
• CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2Nov 5, 2025
• CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4Nov 5, 2025
• CVE-2025-3125Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution6.7Nov 5, 2025
• CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3Oct 24, 2025
• CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9Oct 24, 2025
• CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6Oct 16, 2025
• CVE-2025-10611Potential Broken Access Control in Multiple WSO2 Products via System REST APIs9.8Oct 16, 2025
• CVE-2025-1862Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution6.7Sep 26, 2025
• CVE-2025-1396Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled3.7Sep 26, 2025
• CVE-2025-0672Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association3.3Sep 23, 2025
• CVE-2025-0663Potential cross-tenant account takeover vulnerability in Multiple WSO2 Products via Adaptive Authentication and Auto-Login6.8Sep 23, 2025