Vulnerabilities > Apache > Soap

DATE CVE VULNERABILITY TITLE RISK
2022-11-14 CVE-2022-45378 Missing Authentication for Critical Function vulnerability in Apache Soap 1.2/2.2/2.3
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication.
network
low complexity
apache CWE-306
critical
9.8
2022-09-22 CVE-2022-40705 XXE vulnerability in Apache Soap 2.2/2.3
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP.
network
low complexity
apache CWE-611
7.5