CVE-2022-45378 Apache SOAP's RPCRouterServlet has no authentication, which gives attackers the ability to invoke methods on the classpath.
Due to the fact that Apache SOAP versions 1.2, 1.3 and 1.4 are no longer supported, this vulnerability poses a critical risk
CVE-2022-40747 IBM InfoSphere Information Server is vulnerable to an XML External Entity Injection attack. An attacker could exploit this to reveal sensitive information or consume memory resources.
Information on possible vectors of attack and fixes can be found here. CVE-2018-3092
CVE-2022-38712: A Deep Dive into the SOAPAction Spoofing Vulnerability Affecting IBM WebSphere Application Server
IBM WebSphere Application Server is widely used software that provides a flexible, secure Java server runtime environment for enterprise applications. Recently, a security vulnerability,
CVE-2022-21622 The Oracle SOA Suite product is affected by a vulnerability in the Adapters component. The vulnerable versions are 12.2.1.3.0 and 12.2.1.4.0.
Oracle SOA Suite versions affected: Oracle SOA Suite 12.2.1.3.0, Oracle SOA Suite 12.2.1.4.0. Fix information: Apply the
CVE-2022-40705 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP 2.2 and later versions.
The most common attack scenario is an unauthenticated remote code execution. Due to the fact that RPCRouterServlet is not protected by a filter, an attacker