WID-SEC-W-2024-0642 — Vulnetix

WID-SEC-W-2024-0642 PUBLISHED CVSS 9.300000190734863 CRITICAL

Apache CXF ist ein Open Source-Web Service-Framework.

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
	Red Hat Integration Camel for Spring Boot 1
	Red Hat JBoss Enterprise Application Platform <7.3.11
	Apache CXF 3.6.3
	Red Hat Enterprise Linux
	Apache CXF <4.0.4
	Red Hat JBoss Enterprise Application Platform 7.1.8
	RealObjects PDFreactor <11.6.12
	Red Hat JBoss Enterprise Application Platform <7.1.8
	Red Hat Integration Camel K 1
	Apache CXF <3.6.3
	Apache CXF 4.0.4
	Red Hat JBoss Enterprise Application Platform 7.3.11
	Apache CXF <3.5.8
	Red Hat Integration Camel Extensions for Quarkus 1
	RealObjects PDFreactor 11.6.12
	Apache CXF 3.5.8

Exploit Intelligence

Apache CXF SSRF CVE-2024-28752 (github-poc-repo)
Apache CXF SSRF CVE-2024-28752 (github-poc)
https://access.redhat.com/errata/RHSA-2024:5479 (circl)
https://access.redhat.com/errata/RHSA-2024:3708 (circl)
https://access.redhat.com/errata/RHSA-2024:2852 (circl)
https://access.redhat.com/errata/RHSA-2024:2834 (circl)
https://access.redhat.com/errata/RHSA-2024:3563 (circl)
https://access.redhat.com/errata/RHSA-2024:3559 (circl)
https://access.redhat.com/errata/RHSA-2024:3560 (circl)
https://access.redhat.com/errata/RHSA-2024:5482 (circl)

…and 15 more exploits

Timeline

Mar 14, 2024 CVE Published
Nov 24, 2024 CVE Updated
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch
May 3, 2026 Distribution Patch

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›