CVE-2022-29464

NVD Published Date: April 18, 2022 at 10:15 PM
NVD Last Modified: July 02, 2024 at 05:05 PM
Vulnerability ID
CVE-2022-29464
Severity
CRITICAL
Severity Score
9.8
Summary
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. The attacker must use a /fileupload endpoint with a Content-Disposition directory traversal sequence to reach a directory under the web root, such as a ../../../../repository/deployment/server/webapps directory. This affects WSO2 API Manager 2.2.0 up to 4.0.0, WSO2 Identity Server 5.2.0 up to 5.11.0, WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0 and 5.6.0, WSO2 Identity Server as Key Manager 5.3.0 up to 5.11.0, WSO2 Enterprise Integrator 6.2.0 up to 6.6.0, WSO2 Open Banking AM 1.4.0 up to 2.0.0 and WSO2 Open Banking KM 1.4.0 up to 2.0.0.
Mitigation and Patches
-
Exploits

https://github.com/hakivvi/CVE-2022-29464

https://github.com/oppsec/WSOB

https://github.com/electr0lulz/Mass-exploit-CVE-2022-29464

https://github.com/Inplex-sys/CVE-2022-29464-loader

https://github.com/ThatNotEasy/CVE-2022-29464

https://github.com/gbrsh/CVE-2022-29464

https://github.com/Lidong-io/cve-2022-29464

https://github.com/r4x0r1337/-CVE-2022-29464

https://github.com/gpiechnik2/nmap-CVE-2022-29464

https://github.com/hev0x/CVE-2022-29464

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wso2_file_upload_rce.rb

https://github.com/UUFR/CVE-2022-29464

https://github.com/Chocapikk/CVE-2022-29464

https://github.com/Pasch0/WSO2RCE

https://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

http://packetstormsecurity.com/files/166921/WSO-Arbitrary-File-Upload-Remote-Code-Execution.html

https://github.com/Blackyguy/-CVE-2022-29464

https://github.com/Pari-Malam/CVE-2022-29464

Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE ID
CWE-22
