CVE-2022-40705

🗓️ 22 Sep 2022 08:15:16Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 397 Views

An XML External Entity Reference vulnerability in Apache SOAP allows arbitrary file read over HTTP

Reporter	Title	Published	Views	Family All 17
IBM Security Bulletins	Security Bulletin: There is a security vulnerability in Apache SOAP used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2022-40705)	2 Mar 202320:39	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in Apache SOAP used by IBM Maximo Asset Management (CVE-2022-40705)	5 Jun 202313:24	–	ibm
ATTACKERKB	CVE-2022-40705	22 Sep 202209:15	–	attackerkb
CNNVD	Apache SOAP 代码问题漏洞	22 Sep 202200:00	–	cnnvd
CNVD	Apache SOAP XML External Entity Injection Vulnerability	26 Sep 202200:00	–	cnvd
Cvelist	CVE-2022-40705 Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP	22 Sep 202208:15	–	cvelist
Github Security Blog	Apache SOAP's RPCRouterServlet allows reading of arbitrary files over HTTP	23 Sep 202200:00	–	github
NVD	CVE-2022-40705	22 Sep 202209:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - July 2023	18 Jul 202300:00	–	oracle
OSV	CVE-2022-40705	22 Sep 202209:15	–	osv

NVD

Vulners

Vulnrichment

Node

apache soapRange2.2≥

[
  {
    "product": "Apache SOAP",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "2.2",
            "status": "unknown"
          }
        ],
        "lessThan": "Apache SOAP*",
        "status": "affected",
        "version": "2.2",
        "versionType": "custom"
      }
    ]
  }
]