Description
An SSRF vulnerability in the parsing of the href attribute of XOP:Include in MTOM requests in Apache CXF versions before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
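A detection check for the request shape described above, as an added example that is not code from Apache CXF or its advisory. It relies on the XOP specification's requirement that the href of an xop:Include be a cid: URI pointing at a part of the same MIME package. The function name, the sample envelope and its host names are constructed, and the input is assumed to be the SOAP root part already extracted from the MTOM multipart body.

```python
import xml.etree.ElementTree as ET

# Namespace-qualified tag of xop:Include as defined by the XOP specification.
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"


def suspicious_xop_hrefs(soap_xml: bytes) -> list[str]:
    """Return href values of xop:Include elements that are not cid: URIs.

    Hypothetical helper for a gateway or log-review script; a non-empty
    result means the message asks the server to resolve something other
    than an attachment in the same MIME package.
    """
    # SOAP messages must not carry a DTD; refuse rather than parse one.
    if b"<!DOCTYPE" in soap_xml.upper():
        raise ValueError("DTD not allowed in SOAP message")

    root = ET.fromstring(soap_xml)
    flagged = []
    for element in root.iter(XOP_INCLUDE):
        href = (element.get("href") or "").strip()
        # A missing or empty href is malformed and is flagged as well.
        if not href.lower().startswith("cid:"):
            flagged.append(href)
    return flagged


# Constructed sample: one legitimate attachment reference and one href
# that points outside the MIME package.
SAMPLE = b"""<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xop="http://www.w3.org/2004/08/xop/include">
  <soap:Body>
    <upload>
      <name><xop:Include href="cid:attachment-1@example.org"/></name>
      <data><xop:Include href="http://internal.example/status"/></data>
    </upload>
  </soap:Body>
</soap:Envelope>"""

if __name__ == "__main__":
    for href in suspicious_xop_hrefs(SAMPLE):
        print("non-cid xop:Include href:", href)
```

A check like this is a stopgap for inspection and alerting on services that cannot be upgraded immediately; it does not replace moving off the affected versions.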
Remediation
References
https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
Related Vulnerabilities
CVE-2019-10352 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-2224 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-web
CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util
CVE-2021-3827 Vulnerability in maven package org.keycloak:keycloak-saml-core