CVE-2022-46364
Apache CXF Server-Side Request Forgery vulnerability
CVSS 3.1 score: 9.8 (CRITICAL)
EPSS: 0.10%
Description
An SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.
How to fix CVE-2022-46364
To remediate CVE-2022-46364, upgrade the affected package to a fixed version below.
- Upgrade to 3.4.10 or later
Is CVE-2022-46364 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Versions >= 0 and < 3.4.10
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |