11 CVEs

1 in CISA KEV

wso2-attic Vulnerabilities

CVE security advisories and vulnerability history for wso2-attic.

11

Total CVEs

Published

1

In CISA KEV

Exploited in the wild

3

Public exploits

With known exploit

7.3

Avg CVSS

2020–2025

Overview

wso2-attic has 11 published CVE records since 2020, of which 1 are in CISA's Known Exploited Vulnerabilities catalog and 3 have a known public exploit. The average CVSS base score across scored CVEs is 7.3.

This page aggregates every publicly disclosed vulnerability (CVE) affecting wso2-attic products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of wso2-attic's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical2

High3

Medium5

Low0

1 additional CVE has no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

1

One of wso2-attic's CVEs is confirmed exploited in the wild.

Public exploits

3

3 of wso2-attic's CVEs have a known public exploit available.

Most affected products

The wso2-attic products with the most published CVEs.

api manager11 CVEs
analytics-is11 CVEs
identity server analytics11 CVEs
api manager analytics10 CVEs
identity server10 CVEs
identity server as key manager10 CVEs
enterprise integrator9 CVEs
api microgateway7 CVEs

Common weakness types

The CWE weakness categories most often found in wso2-attic CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish wso2-attic CVE records.

Disclosure activity by year

How many wso2-attic CVEs were published each year.

2020

6

2021

1

2022

2

2023

1

2025

1

Latest wso2-attic CVEs

The most recently disclosed vulnerabilities affecting wso2-attic.

Improper Access Control in Multiple WSO2 Products via Internal SOAP Admin Services and System REST APIs
CWE-284
Critical · CVSS 9.6
EPSS 0.0%2025-10-16
Medium vulnerability · 2023-12-18
CWE-79
Medium · CVSS 4.8
EPSS 0.3%2023-12-18
Medium vulnerability · 2022-04-21
Medium · CVSS 4.6
EPSS 76.4%2022-04-21
Critical vulnerability · 2022-04-18
CISA KEV
CWE-22
Critical · CVSS 9.3
EPSS 94.4%2022-04-18
Vulnerability vulnerability · 2021-04-05
Unscored
EPSS 57.8%2021-04-05
High vulnerability · 2020-08-27
High · CVSS 8.8
EPSS 0.4%2020-08-27
High vulnerability · 2020-08-27
High · CVSS 8.8
EPSS 0.4%2020-08-27
Medium vulnerability · 2020-08-27
Medium · CVSS 6.1
EPSS 0.3%2020-08-27
Medium vulnerability · 2020-08-27
Medium · CVSS 6.1
EPSS 0.7%2020-08-27
Medium vulnerability · 2020-08-21
Medium · CVSS 6.5
EPSS 0.4%2020-08-21
High vulnerability · 2020-05-07
High · CVSS 8.7
EPSS 0.4%2020-05-07

Track new wso2-attic CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor wso2-attic CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about wso2-attic vulnerabilities.

How many CVEs does wso2-attic have?

wso2-attic has 11 published CVE records since 2020, including 1 in the last two years.

How many wso2-attic CVEs are in CISA KEV?

Yes — 1 of wso2-attic's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which wso2-attic products have the most CVEs?

The wso2-attic products with the most published CVEs are api manager, analytics-is, identity server analytics, api manager analytics, identity server.

What are the most common weakness types in wso2-attic CVEs?

wso2-attic's CVEs most often map to these CWE weakness types: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-284 (Improper Access Control), CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).

Are there public exploits for wso2-attic vulnerabilities?

Yes — 3 of wso2-attic's CVEs have a known public exploit.

How many critical wso2-attic vulnerabilities are there?

wso2-attic has 2 critical and 3 high-severity CVEs.

What is the average severity of wso2-attic CVEs?

The average CVSS base score across wso2-attic's scored CVEs is 7.3.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track wso2-attic vulnerabilities

Monitor new wso2-attic vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing