Home > Vulnerability Database > CVE-2022-40705

Mend.io Vulnerability Database

CVE-2022-40705

Date: September 22, 2022

An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Language: Java

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-40705

Url: http://www.openwall.com/lists/oss-security/2022/09/22/1

Url: https://lists.apache.org/thread/02yo04w93rdjmllz4454lvodn5xzhwhl

Url: https://www.mend.io/vulnerability-database/CVE-2022-40705

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference ('XXE')

CWE-611

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-40705

Date: September 22, 2022

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?