April 25, 2022 · Applied Cybernetics Group
CVE-2022-29464 — WSO2 Multiple Products
known ransomware use
WSO2 Multiple Products Unrestrictive Upload of File Vulnerability
- Added to KEV
2022-04-25- Federal due date
2022-05-16- Vendor
- WSO2
- Product
- Multiple Products
- EPSS
- 100.0th percentile (score 0.944, as of
2026-06-08) - NVD CVSS v3.1
- —
- Ransomware use
- Known
- Upstream
- https://nvd.nist.gov/vuln/detail/CVE-2022-29464
CISA short description
Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.
Required action
Apply updates per vendor instructions.