PT-2022-2322 · Wso2 · Wso2 Identity Server As Key Manager+5

Orange Tsai · Published 2022-04-01 · Updated 2025-12-27 · CVE-2022-29464

CVSS v3.1: 10 (Critical)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Name of the Vulnerable Software and Affected Versions

WSO2 API Manager versions 2.2.0 through 4.0.0
WSO2 Identity Server versions 5.2.0 through 5.11.0
WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0
WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0
WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0
WSO2 Open Banking AM versions 1.4.0 through 2.0.0
WSO2 Open Banking KM versions 1.4.0 through 2.0.0

Description

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a "/fileupload" endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This vulnerability can be exploited by uploading malicious JSP files to the server, allowing unauthorized remote code execution.

Recommendations

Update to a version that contains a fix for this vulnerability:

WSO2 API Manager versions 2.2.0 through 4.0.0
WSO2 Identity Server versions 5.2.0 through 5.11.0
WSO2 Identity Server Analytics versions 5.4.0, 5.4.1, 5.5.0, and 5.6.0
WSO2 Identity Server as Key Manager versions 5.3.0 through 5.11.0
WSO2 Enterprise Integrator versions 6.2.0 through 6.6.0
WSO2 Open Banking AM versions 1.4.0 through 2.0.0
WSO2 Open Banking KM versions 1.4.0 through 2.0.0

As a temporary workaround, consider disabling the "/fileupload" endpoint until a patch is available.
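The root cause described above is an upload handler that joins the Content-Disposition filename to a directory without checking it. The validator below is an added example, not WSO2's code: it extracts the filename parameter, normalises percent-encoding and backslashes before checking for traversal, applies an allowlist to the final name, and confirms the result lands directly inside the upload directory (the path /srv/uploads and the sample header are constructed).

```python
import os
import re
from urllib.parse import unquote

# Regex for the filename parameter of a multipart Content-Disposition header.
# The RFC 5987 "filename*=" form is deliberately not matched, so it fails closed.
_FILENAME_RE = re.compile(r'filename\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^;\s]*))', re.I)
# Allowlist for the final name: no separators, no leading dot, bounded length.
_SAFE_NAME_RE = re.compile(r'[A-Za-z0-9][A-Za-z0-9._-]{0,254}')
# Extensions the servlet container would execute; the advisory names JSP.
_EXECUTABLE_EXT = (".jsp", ".jspx", ".war")

def extract_filename(content_disposition: str) -> str:
    """Return the raw filename parameter, or '' when it is absent."""
    m = _FILENAME_RE.search(content_disposition)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)

def normalize_name(raw: str) -> str:
    """Undo up to two layers of percent-encoding and unify path separators."""
    name = raw
    for _ in range(2):          # also catches double-encoded "..%252F.."
        name = unquote(name)
    return name.replace("\\", "/")

def is_traversal(raw: str) -> bool:
    """True if the name could leave the upload directory or is unusable."""
    name = normalize_name(raw)
    return "\x00" in name or "/" in name or name in ("", ".", "..")

def resolve_upload_path(upload_dir: str, content_disposition: str) -> str:
    """Return the absolute destination path, or raise ValueError for an unsafe name."""
    raw = extract_filename(content_disposition)
    if is_traversal(raw):
        raise ValueError("path traversal in upload filename: %r" % raw)
    name = normalize_name(raw)
    if not _SAFE_NAME_RE.fullmatch(name) or name.lower().endswith(_EXECUTABLE_EXT):
        raise ValueError("disallowed upload filename: %r" % raw)
    root = os.path.realpath(upload_dir)
    dest = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(dest) != root:   # defence in depth: must sit directly in root
        raise ValueError("upload escaped %s: %r" % (root, raw))
    return dest

if __name__ == "__main__":   # constructed sample header, not captured traffic
    print(resolve_upload_path("/srv/uploads", 'form-data; name="file"; filename="report.pdf"'))
```

A fixed allowlist of expected extensions is stronger than the short deny-list shown here; the deny-list only covers the JSP case the advisory describes.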

Exploit

Fix

RCE

Path traversal

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

BDU:2022-02512
CVE-2022-29464

Affected Products

Wso2 Api Manager
Wso2 Enterprise Integrator
Wso2 Identity Server
Wso2 Identity Server Analytics
Wso2 Identity Server As Key Manager
Wso2 Open Banking Am