WS02 - Authorization Bypass (CVE-2024-7097)
133Exploiting IPs reported
The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings.
CrowdSec analysis
CVE-2024-7097 is a vulnerability in the SOAP admin service of WSO2 products, enabling attackers to create new user accounts regardless of self-registration settings.
CrowdSec has been tracking this vulnerability and its exploits since 13th of March 2025.
CrowdSec network observations suggest that most exploitation of CVE-2024-7097 involves focused reconnaissance to identify viable targets. Attackers typically tailor their campaigns based on system exposure and configuration. It is unlikely that a given attack is accidental. In addition, according to the CrowdSec network, attack volume against CVE-2024-7097 has dipped slightly compared to the previous week. Although still commonly targeted, the decline suggests a cooling-off period. Long-term relevance remains, but attention is waning.
Observed exploitation attempts typically target URLs containing /services/userregistrationadminservice.userregistrationadminservicehttpssoap11endpoint.
Exploitation
Get real-time information about exploitation attempts and actors involved.
Protection
Find out relevant information to protect your stack against this CVE.
Blocklist
With our advanced worldwide network detection, CrowdSec can provide a list of IPs known for exploiting the vulnerability.
To increase your protection against this CVE, block exploitation attempts with this list of identified actors.