U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-0391

Change History

CVE Modified by CISA-ADP 6/17/2026 2:53:24 AM

Action Type Old Value New Value
Added SSVC

                  
                
              
{"timestamp":"2026-05-11T12:45:51.278289Z","id":"CVE-2024-0391","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}

CVE Modified by WSO2 LLC 6/17/2026 2:53:24 AM

Action Type Old Value New Value
Added Affected

                  
                
              
[{"vendor":"WSO2","product":"WSO2 Identity Server","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.10.0","versionType":"custom","status":"unknown"},{"version":"5.10.0","lessThan":"5.10.0.379","versionType":"custom","status":"affected"},{"version":"5.11.0","lessThan":"5.11.0.426","versionType":"custom","status":"affected"},{"version":"5.11.0","lessThan":"5.11.0.431","versionType":"custom","status":"affected"},{"version":"6.0.0","lessThan":"6.0.0.253","versionType":"custom","status":"affected"},{"version":"6.1.0","lessThan":"6.1.0.254","versionType":"custom","status":"affected"},{"version":"7.0.0","lessThan":"7.0.0.131","versionType":"custom","status":"affected"}]},{"vendor":"WSO2","product":"WSO2 Open Banking IAM","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.0","versionType":"custom","status":"unknown"},{"version":"2.0.0","lessThan":"2.0.0.318","versionType":"custom","status":"affected"}]},{"vendor":"WSO2","product":"WSO2 Identity Server as Key Manager","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"5.10.0","versionType":"custom","status":"unknown"},{"version":"5.10.0","lessThan":"5.10.0.267","versionType":"custom","status":"affected"}]},{"vendor":"WSO2","product":"Email OTP Authenticator","defaultStatus":"unknown","packageName":"org.wso2.carbon.identity.local.auth.emailotp:org.wso2.carbon.identity.local.auth.emailotp","versions":[{"version":"1.0.18","lessThan":"1.0.18.7","versionType":"custom","status":"affected"},{"version":"1.0.24","lessThanOrEqual":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"WSO2","product":"WSO2 Carbon Authenticator Library For EmailOTP","defaultStatus":"unknown","packageName":"org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.identity.authenticator.emailotp","versions":[{"version":"4.1.0","lessThan":"4.1.0.8","versionType":"custom","status":"affected"},{"version":"4.1.4","lessThan":"4.1.4.9","versionType":"custom","status":"affected"},{"version":"4.1.22","lessThanOrEqual":"*","versionType":"custom","status":"unaffected"}]},{"vendor":"WSO2","product":"WSO2 Carbon Authenticator Library For EmailOTP","defaultStatus":"unknown","packageName":"org.wso2.carbon.extension.identity.authenticator.outbound.emailotp:org.wso2.carbon.extension.identity.authenticator.emailotp.connector","versions":[{"version":"3.0.5","lessThan":"3.0.5.8","versionType":"custom","status":"affected"},{"version":"3.0.24","lessThan":"3.0.24.6","versionType":"custom","status":"affected"},{"version":"3.0.26","lessThan":"3.0.26.16","versionType":"custom","status":"affected"}]}]