Organizations Warned of Attacks Exploiting WSO2 Vulnerability

Products made by enterprise software development solutions provider WSO2 are affected by a critical vulnerability that has been exploited in the wild.

According to WSO2’s website, its products are used by many major companies worldwide, including Fortune 500 firms, which could all be at risk.

In addition, the US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the flaw to its Known Exploited Vulnerabilities Catalog and instructed federal agencies to install the available patches until May 16.

The security hole is tracked as CVE-2022-29464 and it impacts WSO2’s API Manager, Identity Server, Enterprise Integrator, and Open Banking products. In its advisory for CVE-2022-29464, the vendor said temporary mitigations were made available in January 2022 and fixes were delivered in February.

The vulnerability, discovered by Orange Tsai from DEVCORE, who over the past years has discovered many critical bugs that ended up being exploited in attacks, has been described as an arbitrary file upload issue that can lead to remote code execution.

“Due to improper validation of user input, a malicious actor could upload an arbitrary file to a user controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server,” WSO2 said in its advisory.

Technical details and proof-of-concept (PoC) exploits are available for the vulnerability and Rapid7 on Friday reported seeing opportunistic exploitation in the wild.

“Attackers appear to be staying close to the original proof-of-concept exploit and are dropping web shells and coin miners on exploited targets,” Rapid7 said, noting that exploitation is “quite easy.”

Threat intelligence company Bad Packets has also reported seeing exploitation attempts.

In addition to the WSO2 bug, CISA added six other flaws to its Known Exploited Vulnerabilities Catalog, which is often referred to as a “Must-Patch” list, due to the fact that government agencies are required — and private organizations are advised — to immediately address these vulnerabilities.

The most recent issues added to the list are two Windows bugs (CVE-2022-26904 and CVE-2022-21919) and the Linux kernel flaw named Dirty Pipe.

Suggest an edit to this article

Go to Cybersecurity Knowledge Base

Got to the Latest Cybersecurity News

Go to Cybersecurity Academy

Go to Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

• Globally, 30,000 websites are hacked daily.
• 64% of companies worldwide have experienced at least one form of a cyber attack.
• There were 20M breached records in March 2021.
• In 2020, ransomware cases grew by 150%.
• Email is responsible for around 94% of all malware.
• Every 39 seconds, there is a new attack somewhere on the web.
• An average of around 24,000 malicious mobile apps are blocked daily on the internet.