The application suffers from an unauthenticated stored XSS vulnerability that results in stored JS code and authentication bypass. The issue is triggered when input passed to the 'username' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Title: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (username) Stored Cross-Site Scripting  
Advisory ID: ZSL-2022-5731  
Type: Local/Remote  
Impact: Cross-Site Scripting  
Risk: (5/5)  
Release Date: 14.12.2022

**Summary**

The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound variations and changes in level are reduced by over 90%. In the SOUND4 IMPACT processing chain, the stereo expander can be used substantially without any limitations.

With its advanced functionalities and impressive versatility, SOUND4 PULSE gives clients the ultimate price - performance ratio, providing much more than just a processor. Flexible and powerful, it ensures perfect sound quality and full compatibility with radio broadcasting standards and can be used simultaneously for FM and HD, DAB, DRM or streaming.

SOUND4 FIRST provides all the most important functionalities you need in an FM/HD processor and sets the bar high both in terms of performance and affordability. Designed to deliver a sound of uncompromising quality, this tool gives you 2-band processing, a digital stereo generator and an IMPACT Clipper

**Description**

The application suffers from an unauthenticated stored XSS vulnerability that results in stored JS code and authentication bypass. The issue is triggered when input passed to the 'username' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

**Vendor**

SOUND4 Ltd. - https://www.sound4.com | https://www.sound4.biz

**Affected Version**

FM/HD Radio Processing:  
Impact/Pulse/First (Version 2: 1.1/2.15)  
Impact/Pulse/First (Version 1: 2.1/1.69)  
Impact/Pulse Eco 1.16  
Voice Processing:  
BigVoice4 1.2  
BigVoice2 1.30  
Web-Audio Streaming:  
Stream 1.1/2.4.29  
Watermarking:  
WM2 (Kantar Media) 1.11

**Tested On**

Apache/2.4.25 (Unix)  
OpenSSL/1.0.2k  
PHP/7.1.1  
GNU/Linux 5.10.43 (armv7l)  
GNU/Linux 4.9.228 (armv7l)

**Vendor Status**

\[26.09.2022\] Vulnerability discovered.  
\[30.09.2022\] Vendor contacted.  
\[13.12.2022\] No response from the vendor.  
\[14.12.2022\] Public security advisory released.

**PoC**

sound4\_usr\_xss.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[14.12.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x (username) Stored Cross-Site Scripting

The application suffers from an unauthenticated directory traversal file write vulnerability. Input passed through the 'filename' POST parameter called by the 'upgrade.php' script is not properly verified before being used to upload .upgbox Firmware files. This can be exploited to write to arbitrary locations on the system via directory traversal attacks.

Title: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Directory Traversal File Write Exploit  
Advisory ID: ZSL-2022-5730  
Type: Local/Remote  
Impact: Exposure of System Information, Exposure of Sensitive Information  
Risk: (5/5)  
Release Date: 14.12.2022

**Summary**

The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound variations and changes in level are reduced by over 90%. In the SOUND4 IMPACT processing chain, the stereo expander can be used substantially without any limitations.

With its advanced functionalities and impressive versatility, SOUND4 PULSE gives clients the ultimate price - performance ratio, providing much more than just a processor. Flexible and powerful, it ensures perfect sound quality and full compatibility with radio broadcasting standards and can be used simultaneously for FM and HD, DAB, DRM or streaming.

SOUND4 FIRST provides all the most important functionalities you need in an FM/HD processor and sets the bar high both in terms of performance and affordability. Designed to deliver a sound of uncompromising quality, this tool gives you 2-band processing, a digital stereo generator and an IMPACT Clipper

**Description**

The application suffers from an unauthenticated directory traversal file write vulnerability. Input passed through the 'filename' POST parameter called by the 'upgrade.php' script is not properly verified before being used to upload .upgbox Firmware files. This can be exploited to write to arbitrary locations on the system via directory traversal attacks.

**Vendor**

SOUND4 Ltd. - https://www.sound4.com | https://www.sound4.biz

**Affected Version**

FM/HD Radio Processing:  
Impact/Pulse/First (Version 2: 1.1/2.15)  
Impact/Pulse/First (Version 1: 2.1/1.69)  
Impact/Pulse Eco 1.16  
Voice Processing:  
BigVoice4 1.2  
BigVoice2 1.30  
Web-Audio Streaming:  
Stream 1.1/2.4.29  
Watermarking:  
WM2 (Kantar Media) 1.11

**Tested On**

Apache/2.4.25 (Unix)  
OpenSSL/1.0.2k  
PHP/7.1.1  
GNU/Linux 5.10.43 (armv7l)  
GNU/Linux 4.9.228 (armv7l)

**Vendor Status**

\[26.09.2022\] Vulnerability discovered.  
\[30.09.2022\] Vendor contacted.  
\[13.12.2022\] No response from the vendor.  
\[14.12.2022\] Public security advisory released.

**PoC**

sound4\_traversal.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[14.12.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x Directory Traversal File Write Exploit

The server binary has hard-coded credentials within its Linux and Windows distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. To add/modify other credentials you need to use the SOUND4 Remote Control thick client.

Title: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (sound4server) Hardcoded Credentials  
Advisory ID: ZSL-2022-5729  
Type: Local/Remote  
Impact: Privilege Escalation, System Access, DoS  
Risk: (4/5)  
Release Date: 14.12.2022

**Summary**

The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound variations and changes in level are reduced by over 90%. In the SOUND4 IMPACT processing chain, the stereo expander can be used substantially without any limitations.

With its advanced functionalities and impressive versatility, SOUND4 PULSE gives clients the ultimate price - performance ratio, providing much more than just a processor. Flexible and powerful, it ensures perfect sound quality and full compatibility with radio broadcasting standards and can be used simultaneously for FM and HD, DAB, DRM or streaming.

SOUND4 FIRST provides all the most important functionalities you need in an FM/HD processor and sets the bar high both in terms of performance and affordability. Designed to deliver a sound of uncompromising quality, this tool gives you 2-band processing, a digital stereo generator and an IMPACT Clipper

**Description**

The server binary has hard-coded credentials within its Linux and Windows distribution image. These sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the device. To add/modify other credentials you need to use the SOUND4 Remote Control thick client.

**Vendor**

SOUND4 Ltd. - https://www.sound4.com | https://www.sound4.biz

**Affected Version**

FM/HD Radio Processing:  
Impact/Pulse/First (Version 2: 1.1/2.15)  
Impact/Pulse/First (Version 1: 2.1/1.69)  
Impact/Pulse Eco 1.16  
Voice Processing:  
BigVoice4 1.2  
BigVoice2 1.30  
Web-Audio Streaming:  
Stream 1.1/2.4.29  
Watermarking:  
WM2 (Kantar Media) 1.11

**Tested On**

Apache/2.4.25 (Unix)  
OpenSSL/1.0.2k  
PHP/7.1.1  
GNU/Linux 5.10.43 (armv7l)  
GNU/Linux 4.9.228 (armv7l)  
Windows 10  
SOUND4 Server v4.1.102  
SOUND4 Remote Control v4.3.17

**Vendor Status**

\[26.09.2022\] Vulnerability discovered.  
\[30.09.2022\] Vendor contacted.  
\[13.12.2022\] No response from the vendor.  
\[14.12.2022\] Public security advisory released.

**PoC**

sound4\_hardcoded.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[14.12.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x (sound4server) Hardcoded Credentials

The application allows an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilisation of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.

Title: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (ping/traceroute) ICMP Flood Attack  
Advisory ID: ZSL-2022-5728  
Type: Local/Remote  
Impact: DoS  
Risk: (3/5)  
Release Date: 14.12.2022

**Summary**

The SOUND4 IMPACT introduces an innovative process - mono and stereo parts of the signal are processed separately to obtain perfect consistency in terms of both sound and level. Therefore, in moving reception, when the FM receiver switches from stereo to mono and back to stereo, the sound variations and changes in level are reduced by over 90%. In the SOUND4 IMPACT processing chain, the stereo expander can be used substantially without any limitations.

With its advanced functionalities and impressive versatility, SOUND4 PULSE gives clients the ultimate price - performance ratio, providing much more than just a processor. Flexible and powerful, it ensures perfect sound quality and full compatibility with radio broadcasting standards and can be used simultaneously for FM and HD, DAB, DRM or streaming.

SOUND4 FIRST provides all the most important functionalities you need in an FM/HD processor and sets the bar high both in terms of performance and affordability. Designed to deliver a sound of uncompromising quality, this tool gives you 2-band processing, a digital stereo generator and an IMPACT Clipper

**Description**

The application allows an unauthenticated attacker to send network signals to an arbitrary target host that can be abused in an ICMP flooding attack. This includes the utilisation of the ping, traceroute and nslookup commands through ping.php, traceroute.php and dns.php respectively.

**Vendor**

SOUND4 Ltd. - https://www.sound4.com | https://www.sound4.biz

**Affected Version**

FM/HD Radio Processing:  
Impact/Pulse/First (Version 2: 1.1/2.15)  
Impact/Pulse/First (Version 1: 2.1/1.69)  
Impact/Pulse Eco 1.16  
Voice Processing:  
BigVoice4 1.2  
BigVoice2 1.30  
Web-Audio Streaming:  
Stream 1.1/2.4.29  
Watermarking:  
WM2 (Kantar Media) 1.11

**Tested On**

Apache/2.4.25 (Unix)  
OpenSSL/1.0.2k  
PHP/7.1.1  
GNU/Linux 5.10.43 (armv7l)  
GNU/Linux 4.9.228 (armv7l)

**Vendor Status**

\[26.09.2022\] Vulnerability discovered.  
\[30.09.2022\] Vendor contacted.  
\[13.12.2022\] No response from the vendor.  
\[14.12.2022\] Public security advisory released.

**PoC**

sound4\_icmp\_flood.txt

**Credits**

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk\>

**References**

N/A

**Changelog**

\[14.12.2022\] - Initial release

**Contact**

Zero Science Lab

Web: https://www.zeroscience.mk  
e-mail: lab@zeroscience.mk

SOUND4 IMPACT/FIRST/PULSE/Eco 2.x (ping/traceroute) ICMP Flood Attack

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0.

**Apache Atlas: zip path traversal in import functionality**

High severity GitHub Reviewed Published Dec 14, 2022 • Updated Dec 20, 2022

GHSA-p782-4j23-xqcg: Apache Atlas: zip path traversal in import functionality

**Email display mode:**

Modern rendering  
Legacy rendering

CVE-2022-34271

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

**Apache CXF Server-Side Request Forgery vulnerability**

High severity GitHub Reviewed Published Dec 13, 2022 • Updated Dec 13, 2022

GHSA-x3x3-qwjq-8gj4: Apache CXF Server-Side Request Forgery vulnerability

Red Hat Security Advisory 2022-8958-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: bcel security update  
Advisory ID:       RHSA-2022:8958-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8958  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42920  
====================================================================  
1. Summary:

An update for bcel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client Optional (v. 7) - noarch  
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch  
Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Enterprise Linux Server Optional (v. 7) - noarch  
Red Hat Enterprise Linux Workstation (v. 7) - noarch  
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give  
users a convenient way to analyze, create, and manipulate (binary) Java  
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Enterprise Linux Client Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:  
bcel-5.2-19.el7_9.src.rpm

noarch:  
bcel-5.2-19.el7_9.noarch.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

noarch:  
bcel-javadoc-5.2-19.el7_9.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipmNzjgjWX9erEAQjriw/+Owsb5KvsFHugafv5z6ZL8f41OHV8MrH9  
d2QfKMQvyMSwXIez5jXSA1O+ft72/pJOmqoavFhMtdIQRfbiSYVq2BGczEW4OCDr  
jw6+ZZ8hHFS8456YlT9c+hs3Ztkbi2B4fZv9s2H6aGSU/S57NjCd+jjG61k7cK6Y  
K8utWZmS5fkY871DTxgcE3aNQ9/8dRVky3B5xW2+kxXQOUGduOPHdmHqT/kQTVDn  
p8ytlqF1IkP8uwK63LaLOMugYwFcevQdLc5looHYLyVius0RdlI07xtK6DG208I2  
yDa1VX/1GdBheDydF5TTH0R2qTRwJGmU523xZCy6EFd5/Z617/qm99saUPcY2c+4  
Q89smDrtC9TyQdth8dnamjGUoLe2FYqOLI08TC0VoVU0AzMs4iD9VOyWAg4gCClh  
p4pkwpTIUlL1qMy8Tw6MT5NpG1hLFirynV0P71PR6+1Ek+7BApFedlhjCt2TNefJ  
fz6gRFQPA/rJbuGexAyth2WoFQr6cQhAr8N1PnuwG6/qFV8En3JzmRXdIbbBBgxF  
rdjFJC7dl+2PEU4g77Y6WeQRUm9naBN5pBYwLChUN2xklLSkuj9KL2jlglmVdQbC  
YAEItBBu8D9q2j9c16fK88+hk82QKmzkdg+IyXCEye1gyS2E15uUfB2gLIOHdeiS  
qG9gWku3dRo=gPn3  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8958-01

Red Hat Security Advisory 2022-8959-01 - The Byte Code Engineering Library is intended to give users a convenient way to analyze, create, and manipulate Java class files.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Important: rh-maven36-bcel security update  
Advisory ID:       RHSA-2022:8959-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:8959  
Issue date:        2022-12-13  
CVE Names:         CVE-2022-42920  
====================================================================  
1. Summary:

An update for rh-maven36-bcel is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch  
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch

3. Description:

The Byte Code Engineering Library (Apache Commons BCEL) is intended to give  
users a convenient way to analyze, create, and manipulate (binary) Java  
class files (those ending with .class).

Security Fix(es):

* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:  
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:  
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm  
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rh-maven36-bcel-6.3.1-2.3.el7.src.rpm

noarch:  
rh-maven36-bcel-6.3.1-2.3.el7.noarch.rpm  
rh-maven36-bcel-javadoc-6.3.1-2.3.el7.noarch.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY5ipktzjgjWX9erEAQhnTQ//XLvsdlV/NZd4o/fceImEOfM6rv/Xz9OH  
r/8TywiqGBMf0MZgtwr/dxg9jrV3DG8jhSIO36CsBEh5pplw8dEtgwA39aNSN5KA  
va+PTC1tw1WBL26iQB99HH35vNGojubadHXLyGrB4sb11Gr/lDUi93AAkD85YCvp  
gIx2NKIijqIbWf7XTCZTVxSKGq1feFcY+RpqfM0W/nGw7ZoBc+MVBrvMPIuKTeZY  
vnYt4lczddxbmz2SJZ+kOzo3ulOkTDn8hH33LwnCA/niPiJH0OWbThD5Eeu3VdUg  
npuBN6dzoU+dF5z5Zl2qh2aXg7FtzFFtqjy+GZ29JUJOWocYHTFWEaPUIBuHvetf  
bahHJJ/sl+JIXAvnkYSQAAAJYoLifyR8OIkUItT8J99Yz8c0QKn3X4o2sl2mZvRk  
0UuEOj93pXEs7sy0gtp+kn9cLhxPpEhL/wB6PL896JEzLrQ8adYPWidTwVDGkcZj  
Z/RC6Fu2qCWS0ta5pbdl2SubG2ndKolX8r5yhvNy2FROBnuMJby+mI4qEoVh2P+e  
FjwUjzW2UJq+/vhQ0deZ4DDAeCs9Cv/tIwKNEeTF9PdrvHNyFbN4sWzsfN0RI5O2  
w2rmfQJk1DrPOLShpSIoDF8/yKDYrlUIvJ2yzmfJy9h5sQzwCYpyPPDMPmE1dMwa  
HZK+lpuikNk=lFDR  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-8959-01

CVE-2022-46364: Apache CXF SSRF Vulnerability Severity: important Description: A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Credit: thanat0s from Beijin Qihoo 360 adlab (finder) (finder) References: https://cxf.apache.org/ https://www.cve.org/CVERecord?id=CVE-2022-46364

Tag

#apache