PT-2025-8918 · Wso2 · Wso2 Enterprise Integrator

Published 2025-02-27 · Updated 2025-10-06 · CVE-2024-0392

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: WSO2 Enterprise Integrator version 6.6.0

Description: A Cross-Site Request Forgery (CSRF) issue exists in the management console due to the absence of CSRF token validation. This allows attackers to craft malicious requests that can trigger state-changing operations on behalf of an authenticated user, potentially compromising account settings and data integrity. The issue only affects a limited set of state-changing operations, and successful exploitation requires social engineering to trick a user with access to the management console into performing the malicious action.

Recommendations: For WSO2 Enterprise Integrator version 6.6.0, consider implementing CSRF token validation in the management console to prevent malicious requests. As a temporary workaround, restrict access to the management console and educate users about the risks of social engineering attacks to minimize the risk of exploitation.
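The recommended fix, CSRF token validation on state-changing console requests, as an added illustration (not WSO2's code): a servlet filter implementing the synchronizer-token pattern, which rejects any non-safe request that does not echo the per-session token. The class, session attribute, header and parameter names are assumed, and the code assumes Servlet API 4.0+, where Filter.init and Filter.destroy have default implementations.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;
// Synchronizer-token filter: a state-changing request must carry the per-session
// token, which a cross-site page cannot read and therefore cannot forge (the
// session cookie alone proves nothing, because browsers attach it automatically).
// Class, attribute and header names are assumptions, not WSO2's own code.
public class CsrfTokenFilter implements Filter {
    static final String TOKEN_ATTR = "csrfToken";      // session attribute name
    static final String TOKEN_HEADER = "X-CSRF-Token"; // for XHR/fetch callers
    static final Set<String> SAFE_METHODS = Set.of("GET", "HEAD", "OPTIONS");
    private static final SecureRandom RANDOM = new SecureRandom();
    // Returns the session's token, minting a 256-bit random one on first use;
    // page templates embed it in forms and API clients echo it in the header.
    static String tokenFor(HttpSession session) {
        String token = (String) session.getAttribute(TOKEN_ATTR);
        if (token == null) {
            byte[] raw = new byte[32];
            RANDOM.nextBytes(raw);
            token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.setAttribute(TOKEN_ATTR, token);
        }
        return token;
    }
    // True only when the supplied token equals the session token (constant-time).
    static boolean tokenMatches(HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        if (session == null) return false;  // not logged in: nothing to protect
        String expected = (String) session.getAttribute(TOKEN_ATTR);
        String supplied = request.getHeader(TOKEN_HEADER);
        if (supplied == null) supplied = request.getParameter("csrf_token"); // hidden form field
        if (expected == null || supplied == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (!SAFE_METHODS.contains(request.getMethod()) && !tokenMatches(request)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN,
                    "CSRF token missing or invalid");
            return;  // the state change never reaches the console action
        }
        chain.doFilter(req, res);
    }
}
```

Map the filter onto every console path that performs a state change and call tokenFor when rendering each form; the check only holds if state changes are never reachable through GET and the token is never exposed to cross-origin readers.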

Fix
CSRF
Weakness Enumeration
Related Identifiers: CVE-2024-0392
Affected Products: Wso2 Enterprise Integrator