Search for vulnerabilities
Vulnerability details: VCID-shw4-mwht-aaan
Vulnerability ID VCID-shw4-mwht-aaan
Aliases CVE-2022-46364
GHSA-x3x3-qwjq-8gj4
Summary Apache CXF Server-Side Request Forgery vulnerability
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-918 Server-Side Request Forgery (SSRF)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:2135
ssvc Track https://access.redhat.com/errata/RHSA-2023:2135
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:3954
ssvc Track https://access.redhat.com/errata/RHSA-2023:3954
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00089 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00099 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00111 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.00213 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04071 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
epss 0.04162 https://api.first.org/data/v1/epss?cve=CVE-2022-46364
cvssv3.1 9.8 https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
ssvc Track https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46364
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-46364
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json
https://api.first.org/data/v1/epss?cve=CVE-2022-46364
2155682 https://bugzilla.redhat.com/show_bug.cgi?id=2155682
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*
CVE-2022-46364 https://nvd.nist.gov/vuln/detail/CVE-2022-46364
CVE-2022-46364.TXT?VERSION=1&MODIFICATIONDATE=1670944472739&API=V2 https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
GHSA-x3x3-qwjq-8gj4 https://github.com/advisories/GHSA-x3x3-qwjq-8gj4
RHSA-2023:0163 https://access.redhat.com/errata/RHSA-2023:0163
RHSA-2023:0164 https://access.redhat.com/errata/RHSA-2023:0164
RHSA-2023:0483 https://access.redhat.com/errata/RHSA-2023:0483
RHSA-2023:0544 https://access.redhat.com/errata/RHSA-2023:0544
RHSA-2023:0552 https://access.redhat.com/errata/RHSA-2023:0552
RHSA-2023:0553 https://access.redhat.com/errata/RHSA-2023:0553
RHSA-2023:0554 https://access.redhat.com/errata/RHSA-2023:0554
RHSA-2023:0556 https://access.redhat.com/errata/RHSA-2023:0556
RHSA-2023:1285 https://access.redhat.com/errata/RHSA-2023:1285
RHSA-2023:1286 https://access.redhat.com/errata/RHSA-2023:1286
RHSA-2023:2041 https://access.redhat.com/errata/RHSA-2023:2041
RHSA-2023:2135 https://access.redhat.com/errata/RHSA-2023:2135
RHSA-2023:3641 https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954
RHSA-2024:10207 https://access.redhat.com/errata/RHSA-2024:10207
RHSA-2024:10208 https://access.redhat.com/errata/RHSA-2024:10208
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:2135
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:2135
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:3954
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-08T18:37:50Z/ Found at https://access.redhat.com/errata/RHSA-2023:3954
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-46364.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-22T02:48:12Z/ Found at https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-46364
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22864
EPSS Score 0.00089
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.