Apache released an advisory to address a vulnerability in CXF before 3.5.5 and 3.4.10. An attacker could exploit this vulnerability to perform SSRF style attacks on webservices that take at least one parameter of any type.

For a complete description of the vulnerabilities and affected systems go to CVE-2022-46364: Apache CXF SSRF Vulnerability.

IT Security

Read more about IT Security service offerings.