Main Vulnerability Database Vulnerabilities #VU69289

#VU69289 Exposed dangerous method or function in Apache SOAP - CVE-2022-45378

Published: November 14, 2022

Vulnerability identifier: #VU69289

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-45378

CWE-ID: CWE-749

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache SOAP

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to missing authentication when accessing the RPCRouterServlet servlet. A remote attacker can invoke certain methods on the classpath and execute arbitrary code on the system.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Note, the project is no longer maintained.

External links

https://seclists.org/oss-sec/2022/q4/142

#VU69289 Exposed dangerous method or function in Apache SOAP - CVE-2022-45378

Description

Remediation

External links

Please verify you're human