CVE-2024-7097 Scanner

CVE-2024-7097 Scanner - Account Creation vulnerability in WSO2

Short Info

Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

WSO2 is a widely used middleware platform providing various enterprise solutions, including API management, identity management, and integration services. Organizations use it primarily to manage authentication, user identities, and enterprise service buses. The platform is designed to streamline digital transformation and enable seamless integration across diverse systems and services. Because so many enterprises rely on WSO2 for authentication and user management, any vulnerability in the platform can have far-reaching consequences.

The detected vulnerability enables attackers to create arbitrary accounts via the SOAP admin service, bypassing the self-registration restrictions configured on the server. The issue stems from improper checks on the configuration settings governing user registration. By exploiting this vulnerability, malicious actors can create unauthorized accounts without administrative approval, potentially compromising system security.

Technically, the vulnerability arises from a flaw in the UserRegistrationAdminService endpoint of the WSO2 SOAP service. Attackers can craft SOAP requests that invoke the `addUser` action, resulting in unauthorized account creation. The vulnerable endpoint does not properly validate the self-registration configuration, so a server whose administrators believe self-registration is disabled remains exposed.

If exploited, this vulnerability can result in unauthorized access to sensitive resources by attackers using the arbitrarily created accounts. It could also facilitate privilege escalation if the new accounts are granted elevated permissions. Moreover, the presence of unauthorized accounts undermines the integrity and reliability of the WSO2 platform within the organization.
