On Tuesday, April 25, 2022, the Dutch National Cyber Security Center (NCSC) published a security advisory in response to published security patches for WSO2 products. In addition, active misuse of the vulnerability has been observed in the wild.
WSO2 is an open-source technology provider founded in 2005. It provides an enterprise platform for integrating application programming interfaces (APIs), applications and Web services locally and over the Internet.
The specific vulnerability for which this Threat Intelligence Report was written concerns CVE-2022-29464 which allows an attacker to place a backdoor on the affected system without authenticating.
In the Threat Intelligence Report, you will find details of these vulnerabilities