org.wso2.is:identity-server-parent@5.4.0-alpha8 vulnerabilities
latest version
6.1.0
first published
7 years ago
latest version published
2 years ago
licenses detected
- [5.4.0-alpha4,)
package registry
Direct Vulnerabilities
Known vulnerabilities in the org.wso2.is:identity-server-parent package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Incorrect Authorization due to a business logic flaw in SOAP admin services. An attacker can create a new user with elevated permissions by exploiting accessible SOAP admin services, provided the deployment includes an internally used attribute not part of the default WSO2 product configuration and at least one custom role exists with non-default permissions. Note: This is only exploitable if SOAP admin services are accessible to the attacker, the deployment includes an internally used attribute that is not part of the default WSO2 product configuration, at least one custom role exists with non-default permissions, and the attacker has knowledge of the custom role and the internal attribute used in the deployment. How to fix Incorrect Authorization? Upgrade | [5.2.0,7.0.0) |
org.wso2.is:identity-server-parent is an open source Identity and Access Management solution federating and managing identities across both enterprise and cloud service environments. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in How to fix Cross-site Scripting (XSS)? There is no fixed version for | [0,) |