{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "5.10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.11.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.1.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.10.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "0" }, { "last_affected": "4.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "2971de274564b622974de831403e9688a4a76c14" }, { "introduced": "0" }, { "last_affected": "e4956e9301b1c26eb06e80ec5c86628154b6ab55" }, { "introduced": "0" }, { "last_affected": "cf00d9e6cb083f94abae11818794f62cd5c94079" } ], "repo": "https://github.com/wso2/product-apim", "type": "GIT" } ] } ], "details": "An open redirection vulnerability exists in multiple WSO2 products due to improper validation of the multi-option URL in the authentication endpoint when multi-option authentication is enabled. A malicious actor can craft a valid link that redirects users to an attacker-controlled site.\n\nBy exploiting this vulnerability, an attacker may trick users into visiting a malicious page, enabling phishing attacks to harvest sensitive information or perform other harmful actions.", "id": "CVE-2024-1440", "modified": "2026-03-10T21:47:07.563279979Z", "published": "2025-06-02T17:15:21.153Z", "references": [ { "type": "ADVISORY", "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3171/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }