soap:soap

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting soap:soappage 1 of 1

CVE-2022-40705HIGHCVSS 7.5EG 7.5
2022-09-22
vulnerable: 2.2, 2.3, 2.3.1
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown wh…
CVE-2022-45378CRITICALCVSS 9.8EG 9.8
2022-11-14
vulnerable: 2.1, 2.2, 2.3, 2.3.1
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are avail…

Check whether soap:soap is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for soap:soap CVEs against the assets you own.

Start Free Scan →