CVSS 3.1 Score 8.5 of 10 (high)


Published Dec 15, 2023
Updated: Jan 5, 2024


CVE-2023-6837 is a vulnerability affecting multiple WSO2 products that allows a malicious actor to impersonate a user via Just-In-Time (JIT) provisioning. Exploitation requires a specific configuration: an identity provider (IDP) configured for federated authentication with JIT provisioning enabled, and a service provider that uses the same IDP with the "Assert identity using mapped local subject identifier" flag enabled. The attacker must also hold a fresh, valid user account in the federated IDP and know a valid username in the local IDP. Under these conditions, the vulnerability permits unauthorized access through impersonation of an existing local user, which is why it poses a significant risk to affected organizations.
