Critical Vulnerability in Multiple WSO2 Products Exploited - CVE-2022-29464

CVE-2022-29464 Summary

Over the past week, threat actors have started scanning for and opportunistically exploiting CVE-2022-29464, a remote code execution vulnerability in multiple WSO2 products used to integrate application programming interfaces (APIs), applications, and web services. The vulnerability has a CVSS score of 9.8 and a severity of Critical, and it allows unauthenticated, remote attackers to execute arbitrary code in the following products:

| Product | Versions |
| --- | --- |
| WSO2 API Manager | 2.2.0 and above |
| WSO2 Identity Server | 5.2.0 and above |
| WSO2 Identity Server Analytics | 5.4.0, 5.4.1, 5.5.0, 5.6.0 |
| WSO2 Identity Server as Key Manager | 5.3.0 and above |
| WSO2 Enterprise Integrator | 6.2.0 and above |
| WSO2 Open Banking AM | 1.4.0 and above |
| WSO2 Open Banking KM | 1.4.0 and above |

Due to improper user input validation, threat actors can upload arbitrary files to a user-controlled location on the server, which could lead to remote code execution. Threat actors are leveraging a slightly modified proof-of-concept (PoC) exploit to install web shells and coin miners on both Linux and Windows installations.
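
The bug class described above (a client-supplied name deciding where an uploaded file is written) is illustrated below as an added example; it is not WSO2's code or the published patch. It contrasts a naive path join with a containment check, and the function names, directory layout and sample file names are all constructed for this illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafeUploadPath(ValueError):
    """Raised when an upload name would resolve outside the upload directory."""


def naive_destination(upload_dir: Path, client_name: str) -> Path:
    # Vulnerable pattern: the client-supplied name is joined as-is, so "../"
    # segments or an absolute path let the caller pick the write location.
    return Path(os.path.normpath(upload_dir / client_name))


def safe_destination(upload_dir: Path, client_name: str) -> Path:
    # Hardened pattern: resolve both paths (collapsing ".." and symlinks) and
    # require the result to stay strictly inside the upload directory.
    if not client_name or "\x00" in client_name:
        raise UnsafeUploadPath("empty name or NUL byte")
    base = upload_dir.resolve()
    # Treat backslashes as separators too, so Windows-style traversal is caught on any OS.
    candidate = (base / client_name.replace("\\", "/")).resolve()
    if candidate == base or base not in candidate.parents:
        raise UnsafeUploadPath(f"{client_name!r} escapes {base}")
    return candidate


def demo() -> dict:
    # Constructed sample names; the directory layout is hypothetical.
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"
        uploads.mkdir()
        results = {}
        for name in ["report.pdf", "sub/notes.txt", "../deploy/page.jsp",
                     "..\\deploy\\page.jsp", "/tmp/page.jsp"]:
            naive_inside = uploads.resolve() in naive_destination(uploads, name).resolve().parents
            try:
                safe_destination(uploads, name)
                verdict = "accepted"
            except UnsafeUploadPath:
                verdict = "rejected"
            results[name] = (naive_inside, verdict)
        return results


if __name__ == "__main__":
    for name, (naive_inside, verdict) in demo().items():
        print(f"{name!r}: naive stays inside={naive_inside}, hardened={verdict}")
```

A check like this limits where an upload can land; it does not replace the vendor patch or the authentication that the endpoint should enforce.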

Recommendations

Recommendation #1: Apply Applicable Security Patch

All supported product versions received patches in February 2022. If you are a WSO2 customer with a Support Subscription, use WSO2 Updates to apply the relevant patch. If you are not leveraging a Support Subscription or are using an end-of-life product, apply the relevant security patch from the following GitHub repositories:

Recommendation #2: Apply Applicable Temporary Workarounds

If applying the latest security patch is not feasible, apply the temporary mitigation steps provided by WSO2 here. The workarounds have been tested against general use cases. However, we recommend following change management best practices by testing changes in a dev environment before deploying to production.

About the Author

Sule Tatar is a Product Marketing Manager at Arctic Wolf, where she does research on security trends and brings groundbreaking cybersecurity products and services to market. She has extensive experience in the B2B cybersecurity space and holds a bachelor's degree in computer engineering and an MBA.