Authorization Gap in WSO2 Products Allowing Unauthorized File Access
CVE-2024-3511

4.3MEDIUM

Key Information:

Vendor: Wso2
Status: Wso2 Enterprise Integrator; Wso2 Api Manager; Wso2 Identity Server As Key Manager; Wso2 Identity Server
Vendor: CVE Published:; 23 June 2025

What is CVE-2024-3511?

An authorization vulnerability in multiple WSO2 products allows unauthorized access to versioned files stored in the registry. Exploiting this flaw enables a malicious actor, with access to the management console, to bypass authorization controls and retrieve sensitive configuration or resource files. This unauthorized access may compromise the integrity of systems and expose critical data, opening doors to further attacks or reconnaissance activities. Timely updates and security measures are essential for safeguarding against this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WSO2 API Manager 3.1.0 < 3.1.0.273

WSO2 API Manager 3.2.0 < 3.2.0.361

WSO2 API Manager 3.2.1 < 3.2.1.13

References

https://security.docs.wso2.com/en/latest/security-announc...

vendor-advisory

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2025
Vulnerability Reserved
Apr 9, 2024

Credit

Viral Maniar - Security Researcher at Preemptive Cyber Security Pty Ltd

JSON

Wso2

What is CVE-2024-3511?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.