VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-eqe5-wr57-aaar

Essentials
Severities (102)
References (17)
Severity details (16)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-eqe5-wr57-aaar
Aliases	CVE-2022-46363 GHSA-3w37-5p3p-jv92
Summary	Apache CXF vulnerable to Exposure of Sensitive Information
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-20	Improper Input Validation
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2023:2135
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:2135
cvssv3.1	4.3	https://access.redhat.com/errata/RHSA-2023:3906
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:3906
cvssv3.1	7.5	https://access.redhat.com/errata/RHSA-2023:3954
ssvc	Track	https://access.redhat.com/errata/RHSA-2023:3954
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00065	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00087	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00098	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
epss	0.00155	https://api.first.org/data/v1/epss?cve=CVE-2022-46363
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3w37-5p3p-jv92
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-3w37-5p3p-jv92
cvssv3.1	3.7	https://github.com/apache/cxf
generic_textual	LOW	https://github.com/apache/cxf
cvssv3.1	7.5	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
generic_textual	HIGH	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
ssvc	Track	https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-46363
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2022-46363

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json
		https://api.first.org/data/v1/epss?cve=CVE-2022-46363
		https://github.com/apache/cxf
		https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c
2155681		https://bugzilla.redhat.com/show_bug.cgi?id=2155681
cpe:2.3:a:apache:cxf::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf::::::::
CVE-2022-46363		https://nvd.nist.gov/vuln/detail/CVE-2022-46363
GHSA-3w37-5p3p-jv92		https://github.com/advisories/GHSA-3w37-5p3p-jv92
RHSA-2023:0483		https://access.redhat.com/errata/RHSA-2023:0483
RHSA-2023:0544		https://access.redhat.com/errata/RHSA-2023:0544
RHSA-2023:0556		https://access.redhat.com/errata/RHSA-2023:0556
RHSA-2023:2135		https://access.redhat.com/errata/RHSA-2023:2135
RHSA-2023:3641		https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2023:3906		https://access.redhat.com/errata/RHSA-2023:3906
RHSA-2023:3954		https://access.redhat.com/errata/RHSA-2023:3954
RHSA-2025:1746		https://access.redhat.com/errata/RHSA-2025:1746
RHSA-2025:1747		https://access.redhat.com/errata/RHSA-2025:1747

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:2135

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:2135

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2023:3906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-07T17:32:13Z/ Found at https://access.redhat.com/errata/RHSA-2023:3906

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:3954

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:3954

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46363.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/apache/cxf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T02:50:18Z/ Found at https://lists.apache.org/thread/pdzo1qgyplf4y523tnnzrcm7hoco3l8c

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46363

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46363

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.17187
EPSS Score	0.00065
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.