cve/2024/CVE-2024-7097.md


2025-09-29 21:09:30 +02:00
### [CVE-2024-7097](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7097)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20API%20Manager&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Enterprise%20Mobility%20Manager&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Identity%20Server%20as%20Key%20Manager&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Identity%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Open%20Banking%20AM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Open%20Banking%20IAM&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=WSO2%20Open%20Banking%20KM&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=1.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=2.6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.2.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=4.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.10.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.11.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.2.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.3.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.4.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.4.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.5.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.6.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.7.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.8.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.9.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=6.1.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=blue)
### Description
An incorrect authorization vulnerability exists in multiple WSO2 products due to a flaw in the SOAP admin service, which allows user account creation regardless of the self-registration configuration settings. This vulnerability enables malicious actors to create new user accounts without proper authorization. Exploitation of this flaw could allow an attacker to create multiple low-privileged user accounts, gaining unauthorized access to the system. Additionally, continuous exploitation could lead to system resource exhaustion through mass user creation.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/20142995/nuclei-templates
- https://github.com/cyb3r-w0lf/nuclei-template-collection