CVE-2024-28752

Published Mar 15, 2024

Last updated 3 months ago

Overview

Description
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
Source
security@apache.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.3
Impact score
5.8
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Severity
CRITICAL

Weaknesses

security@apache.org
CWE-918
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-918

Social media

Hype score
Not currently trending

References