CVE-2022-46364

ADVISORY - github

Summary

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

EPSS Score⁠: 0.00111 (0.305)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-918⁠

Server-Side Request Forgery (SSRF)

ADVISORY - github

CWE-918⁠

Server-Side Request Forgery (SSRF)

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-918⁠

Server-Side Request Forgery (SSRF)

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-918⁠

Server-Side Request Forgery (SSRF)

Impacted images

Advisories

NIST

CREATED

3 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2022-46364⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-918⁠

CVSS SCORE

9.8critical

GitHub

CREATED

3 years ago

UPDATED

3 years ago

ADVISORY IDGHSA-x3x3-qwjq-8gj4⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-918⁠

CVSS SCORE

9.8critical

GitLab

CREATED

3 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2022-46364

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-918⁠CWE-937⁠

CVSS SCORE

9.8critical

Red Hat

CREATED

3 years ago

UPDATED

4 months ago

ADVISORY IDCVE-2022-46364⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-918⁠

CVSS SCORE

9.8high