CVE-2022-29464 vulnerability in Wso2 Products
Published on April 18, 2022
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0, up to 2.0.0.
Known Exploited Vulnerability
This WSO2 Multiple Products Unrestrictive Upload of File Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
The following remediation steps are recommended / required by May 16, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-29464 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2022-29464 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2022-29464
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-29464 are published in these products:
What versions are vulnerable to CVE-2022-29464?
-
Wso2 Identity Server Analytics
Version 5.5.0
-
Wso2 Identity Server Analytics
Version 5.4.1
-
Wso2 Identity Server Analytics
Version 5.6.0
-
Wso2 Identity Server Analytics
Version 5.4.0
-
Wso2 Api Manager
Version 2.2.0
through 4.0.0
-
Wso2 Identity Server
Version 5.2.0
through 5.11.0
-
Wso2 Enterprise Integrator
Version 6.2.0
through 6.6.0
-
Wso2 Identity Server As Key Manager
Version 5.3.0
through 5.10.0