It is highly recommended to always validate input and to not use the driver value directly. If you are using the Management Console, a recommended mitigation is to close the browser tab and reopen it. Another mitigation is to switch to a different driver. A full list of the available drivers can be found here. In case of problems, switching to the ODBC driver is recommended. As soon as you update to WSO2 Enterprise Integrator 6.4.0, you will receive this update. This issue has been fixed in WSO2 Enterprise Integrator 6.4.0.

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Remote Code Execution vulnerability has been identified in the installation path of the Management Console. An attacker could use this to run arbitrary code on the application server.

It is highly recommended to always validate input and to not use the installation path directly. If you are using the installation path, a recommended mitigation is to change the installation path. Another mitigation is to change the installation path and to provide a non-root user with the installation path. A full list of the installation paths can be found here. In case of problems, changing the installation path is recommended. As soon as you update to WSO2 Enterprise Integrator 6.4.0, you will receive this update. This issue has been fixed in WSO2 Enterprise Integrator 6.4.0.

An issue was discovered in WSO2

WSO2 Security Development Lifecycle

WSO2 has a strong commitment to the WSDL Security Development Lifecycle (SDL) model. This is reflected in the company's approach to security. To learn more about the SDL and how WSO2 uses it, please visit
https://www.wso2.com/security-development-lifecycle

Timeline

Published on: 09/09/2022 17:15:00 UTC
Last modified on: 09/14/2022 16:43:00 UTC
