Vulnerabilities > Apache > Soap > 2.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2022-45378 | Missing Authentication for Critical Function vulnerability in Apache Soap 1.2/2.2/2.3 In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. | 9.8 |
| 2022-09-22 | CVE-2022-40705 | XXE vulnerability in Apache Soap 2.2/2.3 An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. | 7.5 |