mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-19 17:31:42 +00:00
88 lines
2.7 KiB
JSON
88 lines
2.7 KiB
JSON
{
|
|
"id": "CVE-2022-46364",
|
|
"sourceIdentifier": "security@apache.org",
|
|
"published": "2022-12-13T17:15:17.587",
|
|
"lastModified": "2023-11-07T03:55:35.660",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0"
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Una vulnerabilidad SSRF al analizar el atributo href de XOP: Incluir en solicitudes MTOM en versiones de Apache CXF anteriores a 3.5.5 y 3.4.10 permite a un atacante realizar ataques de estilo SSRF en servicios web que toman al menos un par\u00e1metro de cualquier tipo."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 9.8,
|
|
"baseSeverity": "CRITICAL"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 5.9
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "security@apache.org",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-918"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "3.4.10",
|
|
"matchCriteriaId": "17B5E32D-A436-4C79-BEE9-6A2DB162DC66"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "3.5.0",
|
|
"versionEndExcluding": "3.5.5",
|
|
"matchCriteriaId": "11EC4474-4CB6-47CD-9E3D-A998A3C7226C"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2",
|
|
"source": "security@apache.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |