CVE-2024-28752

Aliases:GHSA-qmgx-j96g-4428

Advisory lineage Upstream: 0 Downstream: 7

Downstream

RHSA-2024:10207 RHSA-2024:10208 RHSA-2024:3559 RHSA-2024:3560 RHSA-2024:3561 RHSA-2024:5479

Analyzed

Published: 15 Mar 2024, 10:27

Last modified:13 Feb 2025, 17:47

Vulnerability Summary

Overall Risk (default)

high

70/100

CVSS Score

9.3 CRITICAL

v3.1 (cve.org)

EPSS Score

50.83% CRITICAL

51% probability +50.24%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Mar 2024, 10:27

Published

Vulnerability first disclosed

13 Feb 2025, 17:47

Last Modified

Vulnerability information updated

Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

CVSS Metrics

v4.0•CRITICAL•Score: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
v3.1•CRITICAL•Score: 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

EPSS Trends

Current EPSS score: 50.83%• Percentile: 98%

Techniques & Countermeasures

CWE-918•Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Affected Systems

apache software foundation•apache cxf
< 4.0.4, 3.6.3, 3.5.8
apache•cxf
< 3.5.8 | ≥ 3.6.0, < 3.6.3 | ≥ 4.0.0, < 4.0.4
org.apache.cxf•cxf-core
< 3.5.8 | ≥ 3.6.0, < 3.6.3 | ≥ 4.0.0, < 4.0.4
org.apache.cxf•cxf-rt-databinding-aegis
< 3.5.8 | ≥ 3.6.0, < 3.6.3 | ≥ 4.0.0, < 4.0.4
netapp•oncommand_workflow_automation
na
netapp•ontap_tools
10