Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2022-29464
HistoryApr 18, 2022 - 10:15 p.m.

CVE-2022-29464

2022-04-1822:15:09
Google
osv.dev
6

7.5 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

100.0%

JSON

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a …/…/…/…/repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.

Related

githubexploit 30
nuclei 1
cvelist 1
cve 1
metasploit 1
cisa_kev 1
thn 1
attackerkb 1
checkpoint_advisories 1
nvd 1
rapid7blog 3
nessus 1
packetstorm 1
trendmicroblog 1
zdt 1
veracode 1
prion 1
wallarmlab 3
impervablog 1
ics 1
githubexploit
githubexploit
Exploit for Path Traversal in Wso2 Api Manager
2022-04-22 21:23:57
Exploit for Path Traversal in Wso2 Api Manager
2022-04-29 08:24:17
Exploit for Path Traversal in Wso2 Api Manager
2022-05-26 20:19:53
nuclei
nuclei
WSO2 Management - Arbitrary File Upload & Remote Code Execution
2022-04-21 07:02:42
cvelist
cvelist
CVE-2022-29464
2022-04-18 00:00:00
cve
cve
CVE-2022-29464
2022-04-18 22:15:09
metasploit
metasploit
WSO2 Arbitrary File Upload to RCE
2022-04-26 19:29:12
cisa_kev
cisa_kev
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
2022-04-25 00:00:00
thn
thn
Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
2023-02-14 09:39:00
attackerkb
attackerkb
CVE-2022-29464
2022-04-18 00:00:00
checkpoint_advisories
checkpoint_advisories
WSO2 Multiple Products Remote Code Execution (CVE-2022-29464)
2022-05-03 00:00:00
nvd
nvd
CVE-2022-29464
2022-04-18 22:15:09
rapid7blog
rapid7blog
Opportunistic Exploitation of WSO2 CVE-2022-29464
2022-04-22 21:03:27
Metasploit Wrap-Up
2022-05-06 17:56:15
Active Exploitation of F5 BIG-IP iControl REST CVE-2022-1388
2022-05-09 17:57:00
nessus
nessus
WSO2 Multiple Products File Upload Remote Command Execution (CVE-2022-29464)
2022-04-26 00:00:00
packetstorm
packetstorm
WSO Arbitrary File Upload / Remote Code Execution
2022-05-02 00:00:00
trendmicroblog
trendmicroblog
Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware
2022-05-31 00:00:00
zdt
zdt
WSO Arbitrary File Upload / Remote Code Execution Exploit
2022-05-03 00:00:00
veracode
veracode
Arbitrary File Upload
2022-05-09 06:11:14
prion
prion
Unrestricted file upload
2022-04-18 22:15:00
wallarmlab
wallarmlab
Evolution of API Security – A Practical Guide to Addressing API Threats in 2023
2022-10-26 15:32:16
10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm
2022-07-13 17:47:59
API Vulnerabilities Jump Up 3.7x in Q2-2022
2022-07-28 07:38:27
impervablog
impervablog
Imperva uncovers new Indicators of Compromise for FBI and CISA-flagged AndroxGh0st botnet
2024-01-31 14:03:45
ics
ics
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00

7.5 High

AI Score

Confidence

Low

0.974 High

EPSS

Percentile

100.0%

JSON
Related for OSV:CVE-2022-29464
githubexploit30nuclei1cvelist1cve1metasploit1cisa_kev1thn1attackerkb1checkpoint_advisories1nvd1rapid7blog3nessus1packetstorm1trendmicroblog1zdt1veracode1prion1wallarmlab3impervablog1ics1