{"vulnerability": "CVE-2022-46364", "sightings": [{"uuid": "d380db4b-14ce-4a65-830b-619ad442f1dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/_RteshKRLDCQ4RAmweF2blRppm4mSQiC8GB-jXpC1s6eNw8", "content": "", "creation_timestamp": "2026-03-29T09:00:04.000000Z"}, {"uuid": "97f04c0c-fa60-4f06-9765-daf0fddee55c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/KKi08pVtUDaCAJkb9047w9y4w-ZBtgxVmflDXmeWCTkhF9g", "content": "", "creation_timestamp": "2026-03-29T03:00:06.000000Z"}, {"uuid": "628ca782-2c38-46d5-9188-e458e367366b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/JLhJQ7n8NYWxmD11_3t0g_ZRcR3DzIiGQT-gwDA9cmtWa00", "content": "", "creation_timestamp": "2026-04-01T03:00:06.000000Z"}, {"uuid": "9b3f7eac-1208-4442-b042-5bba872ebf89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "Telegram/TImB4WLg9m4sLGXOfrFfePfJsw5eV9JDphaGTzdqtpQzKI4", "content": "", "creation_timestamp": "2026-04-03T21:00:05.000000Z"}, {"uuid": "390260e4-48c4-4d67-a432-3285a865fe39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/77722", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #SSRF\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2022-46364-Proof-of-the-concept\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a cybermaksxx\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-03-29 03:00:22\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nThis vulnerability allows an attacker to perform SSRF (Server-Side Request Forgery) attacks on Apache CXF webservices that accept MTOM/XOP requests. The issue exists in how the href attribute of xop:Include is parsed, allowing arbitrary URLs to be requested by the server.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-03-29T03:02:31.000000Z"}, {"uuid": "638414da-0684-4a62-b9cc-827e18d03a23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46364\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\u00a0\n\ud83d\udccf Published: 2022-12-13T16:20:26.765Z\n\ud83d\udccf Modified: 2025-04-22T02:48:36.211Z\n\ud83d\udd17 References:\n1. https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1&modificationDate=1670944472739&api=v2", "creation_timestamp": "2025-04-22T03:02:36.000000Z"}, {"uuid": "ee3a8ac2-cf78-4fb9-b301-d27b68f34291", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/arpsyndicate/3157", "content": "#ExploitObserverAlert\n\nCVE-2022-46364\n\nDESCRIPTION: Exploit Observer has 6 entries in 3 file formats related to CVE-2022-46364. A SSRF vulnerability in parsing the\u00a0href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\n\nFIRST-EPSS: 0.028500000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-28T02:00:33.000000Z"}, {"uuid": "e7ec671d-d5e2-44f1-942d-3a5542a69707", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46364", "type": "seen", "source": "https://t.me/cibsecurity/54448", "content": "\u203c CVE-2022-46364 \u203c\n\nA SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-13T20:21:54.000000Z"}]}