VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-3884-4stp-e7fz

Essentials
Severities (9)
References (13)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-3884-4stp-e7fz
Aliases	CVE-2022-46363 GHSA-3w37-5p3p-jv92
Summary	CXF: directory listing / code exfiltration
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
epss	0.00121	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
cvssv3.1	7.5	https://github.com/apache/cxf
generic_textual	HIGH	https://github.com/apache/cxf
cvssv3.1	7.5	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
generic_textual	HIGH	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
ssvc	Track	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-46363
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2022-46363

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-46363
		https://github.com/apache/cxf
		https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
		https://nvd.nist.gov/vuln/detail/CVE-2022-46363
2155681		https://bugzilla.redhat.com/show_bug.cgi?id=2155681
GHSA-3w37-5p3p-jv92		https://github.com/advisories/GHSA-3w37-5p3p-jv92
RHSA-2023:0483		https://access.redhat.com/errata/RHSA-2023:0483
RHSA-2023:0544		https://access.redhat.com/errata/RHSA-2023:0544
RHSA-2023:0556		https://access.redhat.com/errata/RHSA-2023:0556
RHSA-2023:3641		https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2025:1746		https://access.redhat.com/errata/RHSA-2025:1746
RHSA-2025:1747		https://access.redhat.com/errata/RHSA-2025:1747

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/cxf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T02:50:18Z/ Found at https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46363

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.30683
EPSS Score	0.00121
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T09:10:31.292153+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json	38.6.0