Skip to main content

Soap

2 CVEs product

Monthly

CVE-2022-45378 Maven CRITICAL Act Now

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass Soap
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2022-40705 Maven HIGH This Week

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.2 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Soap
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 2% CVSS 9.8
CRITICAL Act Now

In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Authentication Bypass +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.2 and later versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XXE Soap
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy