CVE-2022-46364
Summary
| CVE | CVE-2022-46364 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-12-13 17:15:00 UTC |
| Updated | 2023-11-07 03:55:00 UTC |
| Description | A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. |
Risk And Classification
Problem Types: CWE-918
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cxf.apache.org/security-advisories.data/CVE-2022-46364.txt | MISC | cxf.apache.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 241061 Red Hat Update for JBoss Enterprise Application Platform 7.4 (RHSA-2023:0163)
- 241153 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0554)
- 241154 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0552)
- 241155 Red Hat Update for JBoss Enterprise Application Platform 7.4.9 (RHSA-2023:0553)
- 378346 IBM WebSphere Application Server Liberty Server-Side Request Forgery (SSRF) Vulnerability (6953767)
- 378917 IBM Cognos Analytics Multiple Vulnerabilities (7040744)