Home > Vulnerability Database > CVE-2023-6835

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-6835

Good to know:

Date: December 15, 2023

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

Language: Java

Severity Score

4.3

Related Resources (7)

Url: https://github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902ba

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-6835

Url: https://github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762

Url: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357

Url: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357/

Url: https://github.com/wso2/carbon-apimgt

Url: https://www.mend.io/vulnerability-database/CVE-2023-6835

Severity Score

4.3

Weakness Type (CWE)

Input Validation

CWE-20

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Do you need more information?

Contact Us