CVE-2023-6835
unknown
CVSS v3
-
CVSS v4
-
VIR risk
-
Description
WSO2 API Manager allows attackers to change the API rating
Predictions
Exploit likelihood
30%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.wso2.carbon.apimgt:forum | <=9.0.78 | |
References
- https://nvd.nist.gov/vuln/detail/CVE-2023-6835
- https://github.com/wso2/carbon-apimgt/commit/2e9591b72bc286dfcd22b57768e984d867c902ba
- https://github.com/wso2/carbon-apimgt
- https://github.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762
- https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2021/WSO2-2021-1357