Open banking iam
This hub aggregates every CVE we track for Open banking iam, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.
23
CVEs tracked
5
Critical
3
High
1
In CISA KEV
Severity distribution
MEDIUM13CRITICAL5HIGH3LOW2
Monthly trend
0
0
0
0
0
0
0
0
0
0
3
3
0
0
4
4
6
0
0
0
0
1
1
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Open banking iam.
- CVE-2024-0391Username Enumeration via Email OTP Flow in Multiple WSO2 Products Allows User Account Discovery5.3
- CVE-2024-2374XML External Entity Injection in Multiple WSO2 Products Allows Arbitrary file read and Denial of Service7.5
- CVE-2025-9312Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products9.8
- CVE-2025-6670Cross-Site Request Forgery (CSRF) in Multiple WSO2 Products via HTTP GET in Admin Services8.8
- CVE-2025-10853Reflected Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products Due to Improper Output Encoding5.2
- CVE-2025-10907Authenticated Arbitrary File Upload in Multiple WSO2 Products via SOAP Admin Services Leading to Remote Code Execution8.4
- CVE-2025-10713XML External Entity (XXE) Vulnerability in Multiple WSO2 Products Due to Improper XML Parser Configuration6.5
- CVE-2025-3125Authenticated Arbitrary File Upload in Multiple WSO2 Products via CarbonAppUploader Admin Service Leading to Remote Code Execution6.7
- CVE-2025-5605Authentication Bypass via URI Manipulation in Multiple WSO2 Products' Management Console Leading to Partial Information Disclosure4.3
- CVE-2025-5350SSRF and Reflected XSS Vulnerability in Deprecated Try-It Feature of Multiple WSO2 Products5.9
- CVE-2025-9804Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs9.6
- CVE-2025-10611Potential Broken Access Control in Multiple WSO2 Products via System REST APIs9.8
- CVE-2025-1862Authenticated Arbitrary File Upload in Multiple WSO2 Products via BPEL Uploader SOAP Service Leading to Remote Code Execution6.7
- CVE-2025-1396Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled3.7
- CVE-2025-0672Authentication Bypass in Multiple WSO2 Products via Stale FIDO Credential Association3.3
Product normalization is registry-driven with AI assist and human review. How it works