vulnrichment / Apache / VULNRICHMENT:CVE-2022-40705
Sep 22, 2022 - 8:15 a.m.

CVE-2022-40705 Apache SOAP: XML External Entity Injection (XXE) allows unauthenticated users to read arbitrary files via HTTP

2022-09-22 08:15:16
CWE-611
apache
github.com
cve-2022
apache soap
xml external entity injection
rpcrouterservlet
unauthenticated users
arbitrary files
http
vulnerability
unsupported products

AI Score: 6.8
Confidence: Low
EPSS: 0.001
Percentile: 38.6%

SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:apache:soap:*:*:*:*:*:*:*:*"
    ],
    "vendor": "apache",
    "product": "soap",
    "versions": [
      {
        "status": "affected",
        "version": "2.2",
        "lessThan": "*",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]
