Vulnerability Description
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Cxf | < 3.5.8 |
| Netapp | Oncommand Workflow Automation | - |
| Netapp | Ontap Tools | 10 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2024/03/14/3Mailing List
- https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txtVendor Advisory
- https://security.netapp.com/advisory/ntap-20240517-0001/Third Party Advisory
- http://www.openwall.com/lists/oss-security/2024/03/14/3Mailing List
- https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txtVendor Advisory
- https://security.netapp.com/advisory/ntap-20240517-0001/Third Party Advisory
FAQ
What is CVE-2024-28752?
CVE-2024-28752 is a vulnerability with a CVSS score of 9.3 (CRITICAL). A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one paramete...
How severe is CVE-2024-28752?
CVE-2024-28752 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-28752?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Cxf, Netapp Oncommand Workflow Automation, Netapp Ontap Tools.