vulnerability
Red Hat JBoss EAP: CVE-2022-46364: Server-Side Request Forgery (SSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Dec 13, 2022 | Sep 19, 2024 | Jul 2, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Dec 13, 2022
Added
Sep 19, 2024
Modified
Jul 2, 2025
Description
A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. . A SSRF vulnerability was found in Apache CXF. This issue occurs when parsing the href attribute of XOP:Include in MTOM requests, allowing an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-918
- CVE-2022-46364
- https://attackerkb.com/topics/CVE-2022-46364
- URL-https://access.redhat.com/security/cve/CVE-2022-46364
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2155682
- URL-https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
- URL-https://access.redhat.com/errata/RHSA-2023:0163
- URL-https://access.redhat.com/errata/RHSA-2023:0164
- URL-https://access.redhat.com/errata/RHSA-2023:0552
- URL-https://access.redhat.com/errata/RHSA-2023:0553
- URL-https://access.redhat.com/errata/RHSA-2023:0554
- URL-https://access.redhat.com/errata/RHSA-2023:0556
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.