CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery

Posted by Angelo Barbosa | Mar 15, 2024 | CVE

A vulnerability was found in Apache CXF up to 3.5.7/3.6.2/4.0.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Aegis Databinding. The manipulation leads to server-side request forgery.

This vulnerability is handled as CVE-2024-28752. The attack needs to be initiated within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery

Related Posts

CVE-2024-26749 | Linux Kernel up to 6.7.6 cdns3 cdns3_gadget_ep_disable use after free

CVE-2024-25091 | Js Communications RevoWorks SCVX/RevoWorks Browser VirusChecker/ThreatChecker protection mechanism

CVE-2024-20800 | Adobe Experience Manager up to 6.5.19 cross site scripting (apsb24-05)

CVE-2024-1550 | Mozilla Firefox up to 122 Fullscreen Mode requestPointerLock improper restriction of rendered ui layers