21 matches found
Oracle Fusion Middleware Identity Manager authentication bypass
Added: 11/24/2025. Background: Oracle Fusion Middleware is a platform for creating and running applications. Problem: An authentication bypass vulnerability in the Identity Manager component allows remote attackers to execute arbitrary commands by appending ;.wadl to a URL. Resolution: See Oracle Pat...
Oracle Fusion Middleware Identity Manager authentication bypass
Added: 11/24/2025. Background: Oracle Fusion Middleware is a platform for creating and running applications. Problem: An authentication bypass vulnerability in the Identity Manager component allows remote attackers to execute arbitrary commands by appending ;.wadl to a URL. Resolution: See Oracle Pat...
Exploit for Missing Authentication for Critical Function in Oracle Identity_Manager
Oracle Identity Manager CVE-2025-61757 Vulnerability Detection T...
apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
A server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...
Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities
The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only...
CVE-2024-29736
A server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured. Mitigation: Mitigation for this issue is...
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-29736
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
CVE-2024-29736
CVE-2024-29736: Apache CXF WADL stylesheet SSRF. The issue arises from improper validation of the WADL stylesheet parameter, enabling SSRF against REST services when a custom stylesheet parameter is configured. Affected CXF versions are before 4.0.5, 3.6.4, and 3.5.9. Mitigation: upgrade CXF to 4...
apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter
A server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...
PT-2024-5337 · Apache · Apache Cxf
Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 4.0.5; Apache CXF versions prior to 3.6.4; Apache CXF versions prior to 3.5.9. Description: A SSRF vulnerability in the WADL service description of Apache CXF allows an attacker to perform SSRF style attacks on REST...
Code injection via property expansion in SoapUI
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
GHSA-C2FP-MPMM-CQXV Code injection via property expansion in SoapUI
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
SoapUI 4.6.3 - Remote Code Execution
No description provided by source. Exploit Title: SoapUI Remote Code Execution; Date: 25.12.13; Exploit Author: Barak Tawily; Vendor Homepage: http://www.soapui.org/; Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html...
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
Code injection
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
SoapUI 4.6.3 - Remote Code Execution
SoapUI 4.6.3 - Remote Code Execution. Exploit Title: SoapUI Remote Code Execution; Date: 25.12.13; Exploit Author: Barak Tawily; Vendor Homepage: http://www.soapui.org/; Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html; Version: vulnerable before 4.6.4; Tested on: Windows,...