CVE-2022-46364
Multiple vulnerabilities exist in Oracle Financial Services Applications. By exploiting them, a remote, anonymous or authenticated attacker can compromise confidentiality, integrity and availability. Exploitation of some of these vulnerabilities requires no user interaction. Oracle publishes no further details on these vulnerabilities beyond the information in the risk matrix of the Oracle Critical Patch Update advisory (see the link at the bottom of this advisory). Because of the scarce information available, the assessment of the damage potential is based solely on the CVSS impact matrix. The maximum value for these products, aggregated across all vulnerabilities, is "HIGH" for "Confidentiality", "Integrity" and "Availability", which yields a damage-potential rating of "HIGH".
EPSS 0.10% · 27.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Communications Applications | <= 8.0.0.7.0 |
| Oracle | Oracle Financial Services Applications | 14.6 |
| Oracle | Oracle Communications | 12.6.0.0.0 |
| IBM | IBM TXSeries | 8.1 |
| Oracle | Oracle Financial Services Applications | 8.0.7.1.2 |
| RealObjects | RealObjects PDFreactor | < 11.6.3 |
| Dell | Dell Secure Connect Gateway | < 5.34.00.16 |
| Red Hat | Red Hat JBoss Enterprise Application Platform | < 7.4.9 |
| Oracle | Oracle Financial Services Applications | 8.1.2.4.1 |
| Hitachi | Hitachi Ops Center Common Services | < 10.9.3-00 |
| Oracle | Oracle Financial Services Applications | 8.0.7.8.0 |
| Oracle | Oracle Financial Services Applications | 8.1.2 |
| Oracle | Oracle Communications Applications | 10.0.1.7.0 |
| Oracle | Oracle Communications Applications | 7.5.0 |
| Oracle | Oracle Financial Services Applications | 14.6.0.3.0 |
| IBM | IBM QRadar SIEM | 7.5 |
| Oracle | Oracle Communications | 3.3 |
| Oracle | Oracle Communications Applications | <= 12.0.0.8.0 |
| Oracle | Oracle Financial Services Applications | 14.5.0.8.0 |
| Oracle | Oracle Financial Services Applications | 8.0.8.2 |
…and 126 more
Exploit Intelligence
- CVE-2022-46364-Poc Apache CXF SSRF via MTOM XOP:Include (github-poc-repo)
- This vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server. (github-poc-repo)
…and 55 more exploits
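The following Python script is an added example, not code from this page, from the PoC repositories listed above, or from Apache CXF. It builds a constructed MTOM/XOP request whose `xop:Include` href is attacker-controlled, extracts every href from the root SOAP part, flags non-`cid:` references for WAF/IDS/log review, and contrasts a reconstruction of the pre-fix resolution logic (a URL-looking href triggers a server-side fetch; the exact `cid:` / bare-id / URL branching is an assumption drawn from the description above, not CXF's own code) with a hardened resolver that only honours `cid:` references to attachments actually present in the same message. The SOAP operation, MIME boundary, Content-IDs and the `attacker.example` URL are all constructed.

```python
"""Added example (not Apache CXF's code): detect and block SSRF-style
xop:Include references in MTOM/XOP SOAP requests, as described for
CVE-2022-46364. All messages, Content-IDs and URLs below are constructed."""
import email
import urllib.parse
import xml.etree.ElementTree as ET

XOP_NS = "http://www.w3.org/2004/08/xop/include"
BOUNDARY = "MIMEBoundary_example"  # constructed


def build_mtom_request(href, attachment_cid="part1@example.org"):
    """Return a constructed MTOM/XOP message whose xop:Include href we control."""
    soap = (
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><ns:upload xmlns:ns="urn:example">'
        f'<ns:data><xop:Include xmlns:xop="{XOP_NS}" href="{href}"/></ns:data>'
        "</ns:upload></soap:Body></soap:Envelope>"
    )
    return (
        'Content-Type: multipart/related; type="application/xop+xml"; '
        f'boundary="{BOUNDARY}"; start="<root@example.org>"\r\n\r\n'
        f"--{BOUNDARY}\r\n"
        'Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"\r\n'
        "Content-Transfer-Encoding: 8bit\r\n"
        "Content-ID: <root@example.org>\r\n\r\n"
        f"{soap}\r\n"
        f"--{BOUNDARY}\r\n"
        "Content-Type: application/octet-stream\r\n"
        "Content-Transfer-Encoding: binary\r\n"
        f"Content-ID: <{attachment_cid}>\r\n\r\n"
        "BINARY-PAYLOAD\r\n"
        f"--{BOUNDARY}--\r\n"
    ).encode()


def parse_mtom(raw):
    """Split an MTOM message into (root SOAP part bytes, {content-id: payload})."""
    msg = email.message_from_bytes(raw)
    root_xml, attachments = None, {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        cid = (part.get("Content-ID") or "").strip().strip("<>")
        payload = part.get_payload(decode=True)
        if part.get_content_type() == "application/xop+xml":
            root_xml = payload
        else:
            attachments[cid] = payload
    return root_xml, attachments


def extract_xop_hrefs(root_xml):
    """All href values of xop:Include elements in the root SOAP part."""
    tree = ET.fromstring(root_xml)
    return [el.get("href", "") for el in tree.iter(f"{{{XOP_NS}}}Include")]


def resolve_href_vulnerable(href, attachments):
    """Reconstruction of the pre-fix behaviour described above (an assumption,
    not CXF's code): cid: and bare Content-IDs resolve locally, but anything
    that looks like a URL is fetched by the server, which is the SSRF.
    A marker tuple stands in for the outbound request."""
    if href.startswith("cid:"):
        return attachments.get(urllib.parse.unquote(href[4:]))
    if "://" not in href:
        return attachments.get(href)
    return ("FETCH", href)  # server-side request to an attacker-chosen URL


def resolve_href_fixed(href, attachments):
    """Hardened resolver: only cid: references to an attachment that is
    actually present in the same message are honoured; everything else fails."""
    if not href.startswith("cid:"):
        raise ValueError(f"xop:Include href must be a cid: reference, got {href!r}")
    cid = urllib.parse.unquote(href[4:])
    if cid not in attachments:
        raise ValueError(f"no attachment with Content-ID {cid!r}")
    return attachments[cid]


def audit_request(raw):
    """Detection view for WAF/IDS/log review: xop:Include hrefs that are not
    cid: references, i.e. candidates for CVE-2022-46364 abuse."""
    root_xml, _ = parse_mtom(raw)
    if root_xml is None:
        return []
    return [h for h in extract_xop_hrefs(root_xml) if not h.startswith("cid:")]


if __name__ == "__main__":
    for href in ("cid:part1@example.org", "http://attacker.example/probe"):
        print(href, "->", audit_request(build_mtom_request(href)))
```

The detection function deliberately flags every non-`cid:` href rather than only `http(s)://`, since other URL schemes the server's URL handler accepts would trigger the same server-side fetch; a false positive on a bare Content-ID is cheap compared with a missed probe against internal services.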
Timeline
- Dec 13, 2022 CVE Published
- Dec 14, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
- Mar 8, 2023 EPSS Score
- Apr 18, 2023 EPSS Score
- May 8, 2023 EPSS Score
- May 30, 2023 EPSS Score
- Jul 11, 2023 EPSS Score
- Aug 22, 2023 EPSS Score
- Sep 27, 2023 EPSS Score
- Oct 3, 2023 EPSS Score
- Dec 25, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-2316.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-2316 advisory
- https://cxf.apache.org/security-advisories.data/CVE-2022-46363.txt advisory
- https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt advisory
- https://access.redhat.com/errata/RHSA-2023:0163 advisory
- https://access.redhat.com/errata/RHSA-2023:0164 advisory
- https://access.redhat.com/errata/RHSA-2023:0483 advisory
- https://access.redhat.com/errata/RHSA-2023:0544 advisory
- https://www.ibm.com/support/pages/node/6953767 advisory
- https://access.redhat.com/errata/RHSA-2023:1047 advisory
- https://access.redhat.com/errata/RHSA-2023:1045 advisory
- https://access.redhat.com/errata/RHSA-2023:1044 advisory
- https://access.redhat.com/errata/RHSA-2023:1043 advisory
- https://access.redhat.com/errata/RHSA-2023:1049 advisory
- https://www.ibm.com/support/pages/node/6962805 advisory
- https://www.pdfreactor.com/product/changelog.htm advisory
- https://access.redhat.com/errata/RHSA-2023:1286 advisory
- https://access.redhat.com/errata/RHSA-2023:1285 advisory
- https://www.ibm.com/support/pages/node/6967571 advisory
- https://www.ibm.com/support/pages/node/6987357 advisory
…and 58 more