Is CVE-2024-7487 actively exploited?

CVE-2024-7487 has no public evidence of in-the-wild exploitation as of 2025-10-06.

What is the CVSS score for CVE-2024-7487?

CVE-2024-7487 has a CVSS score of 5.8 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N.

How do I patch CVE-2024-7487?

Patch guidance is available from wso2 security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-7487.

Which products are affected by CVE-2024-7487?

1 product: wso2 identity server.

CVE-2024-7487 - remediation guidance & executive summary

Description

An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed. Exploitation of this vulnerability could enable malicious actors to circumvent the client verification mechanism, compromising the integrity of the authentication process.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: none
Weaknesses: CWE-287 · Improper Authentication

Metadata

Primary Vendor: WSO2
Published: 5/22/2025
Last Modified: 10/6/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2024-7487

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary