A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. 
History

Mon, 25 Nov 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat jboss Enterprise Application Platform Eus
CPEs cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.1::el7
cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Vendors & Products Redhat jboss Enterprise Application Platform Eus

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2022-12-13T16:20:26.765Z

Updated: 2024-08-03T14:31:46.249Z

Reserved: 2022-12-02T08:07:46.894Z

Link: CVE-2022-46364

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-12-13T17:15:17.587

Modified: 2024-11-21T07:30:28.037

Link: CVE-2022-46364

cve-icon Redhat

Severity : Important

Publid Date: 2022-12-13T00:00:00Z

Links: CVE-2022-46364 - Bugzilla