CVE-2022-46364: Apache CXF SSRF Vulnerability

Vendor: Apache Software Foundation
Product: Apache CXF
Weakness: CWE-918 · SSRF
Published: December 13, 2022
Last update: April 22, 2025

What the vulnerability does

Description

An SSRF vulnerability in the parsing of the href attribute of XOP:Include in MTOM requests in Apache CXF versions before 3.5.5 and 3.4.10 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type.

Key dates

Disclosure timeline

December 13, 2022: CVE published
April 22, 2025: Record updated