CVE-2023-6835 — WSO2 API Manager allows attackers to change the API rating

Description

Multiple WSO2 products have been identified as vulnerable due to lack of server-side input validation in the Forum feature, API rating could be manipulated.

How to fix CVE-2023-6835

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

Maven/org.wso2.carbon.apimgt:forum—no fix listed

Is CVE-2023-6835 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, <= 9.0.78

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-6835
PATCHgithub.com/wso2/carbon-apimgt
WEBgithub.com/wso2/carbon-apimgt/blob/81e0c0b8ed0bd2dace1e9006be21acbb731c835e/components/forum/org.wso2.carbon.forum/src/main/java/org/wso2/carbon/forum/registry/RegistryForumManager.java#L762
WEB