Vulnerability Monitor

CVE-2022-46364


An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.


Published: 2022-12-13T17:15:17.587

Last Modified: 2025-04-22T03:15:20.907

Status: Modified

Source: [email protected]

Severity: CVSSv3.1: 9.8 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-918

Affected Vendors & Products

| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | cxf | < 3.4.10 | Yes |
| Application | apache | cxf | < 3.5.5 | Yes |
