{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "3.2.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.2.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.3.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.4.1" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.8.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.9.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.11.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.0.0-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "6.1.0-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.0.0-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.3.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.6.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.9.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "5.10.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.5.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.3.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.4.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "1.5.0" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.1.0" }, { "introduced": "0" }, { "last_affected": "2.2.0" }, { "introduced": "0" }, { "last_affected": "2.5.0" }, { "introduced": "0" }, { "last_affected": "2.6.0" }, { "introduced": "0" }, { "last_affected": "3.0.0" }, { "introduced": "0" }, { "last_affected": "3.1.0" }, { "introduced": "0" }, { "last_affected": "3.2.0" }, { "introduced": "0" }, { "last_affected": "4.0.0" }, { "introduced": "0" }, { "last_affected": "4.1.0-NA" }, { "introduced": "0" }, { "last_affected": "4.2.0-NA" }, { "introduced": "0" }, { "last_affected": "4.3.0-NA" }, { "introduced": "0" }, { "last_affected": "2.0.0" }, { "introduced": "0" }, { "last_affected": "2.0.0" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "2d31e24faeeb97e70d7f19033ccff2f843f8c892" }, { "introduced": "0" }, { "last_affected": "6307349bd09fd6fdf9cfe15e170584403fa7e6be" }, { "introduced": "0" }, { "last_affected": "5cdc3f8a5ea212c3bf231cb710ea3436e9aad1d7" }, { "introduced": "0" }, { "last_affected": "828807c24e02a88a91a70e6f9dbc6eeb58be3eaf" }, { "introduced": "0" }, { "last_affected": "a87463944acbc28f14c0af2a32dc30310147a0be" }, { "introduced": "0" }, { "last_affected": "727d091683c8199c37f2d19ab3198abee6553904" }, { "introduced": "0" }, { "last_affected": "2971de274564b622974de831403e9688a4a76c14" }, { "introduced": "0" }, { "last_affected": "e4956e9301b1c26eb06e80ec5c86628154b6ab55" }, { "introduced": "0" }, { "last_affected": "cf00d9e6cb083f94abae11818794f62cd5c94079" }, { "introduced": "0" }, { "last_affected": "9f152cad69fafd010fae1ed02b636409f0860b91" }, { "introduced": "0" }, { "last_affected": "572610e8e6564a647044bdb454eda658e1253352" }, { "introduced": "0" }, { "last_affected": "6e7a9db24a575f1f4a5bc4f4cbb41687c308c466" }, { "introduced": "0" }, { "last_affected": "2d31e24faeeb97e70d7f19033ccff2f843f8c892" }, { "introduced": "0" }, { "last_affected": "2d31e24faeeb97e70d7f19033ccff2f843f8c892" } ], "repo": "https://github.com/wso2/product-apim", "type": "GIT" } ] } ], "details": "A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when all of the following conditions are met:\n * SOAP admin services are accessible to the attacker.\n * The deployment includes an internally used attribute that is not part of the default WSO2 product configuration.\n * At least one custom role exists with non-default permissions.\n * The attacker has knowledge of the custom role and the internal attribute used in the deployment.\n\n\nExploiting this vulnerability allows malicious actors to assign higher privileges to self-registered users, bypassing intended access control mechanisms.", "id": "CVE-2024-7096", "modified": "2026-03-10T21:48:35.052358733Z", "published": "2025-05-30T15:15:40.063Z", "references": [ { "type": "ADVISORY", "url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3573/" } ], "severity": [ { "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ] }