Critical WSO2 vulnerability actively exploited
Malicious actors have been actively exploiting a critical security flaw impacting several products of enterprise software development solutions vendor WSO2, which are being utilized by various major companies around the world, reports SecurityWeek.
Rapid7 and Bad Packets have noted that the vulnerability, tracked as CVE-2022-29464 and found in WSO2’s API Manager, Enterprise Integrator, Identity Server, and Open Banking offerings, is being leveraged by threat actors in the wild.
"Attackers appear to be staying close to the original proof-of-concept exploit and are dropping web shells and coin miners on exploited targets," said Rapid7. Exploitation of the vulnerability can lead to remote code execution, according to WSO2.
"Due to improper validation of user input, a malicious actor could upload an arbitrary file to a user controlled location of the server. By leveraging the arbitrary file upload vulnerability, it is further possible to gain remote code execution on the server," said WSO2. Moreover, the Cybersecurity and Infrastructure Security Agency has added the bug to its Known Exploited Vulnerabilities Catalog, with federal agencies urged to apply patches by May 16.