An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
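A triage sketch for the version and data-binding conditions stated above. It is an added example, not code from Apache CXF or Red Hat. It assumes dependencies are listed as `group:artifact:version` strings, that the Aegis binding arrives through the `cxf-rt-databinding-aegis` artifact, and that branches older than 3.5 are affected while branches newer than 4.0 carry the fix.

```python
import re

# Upstream fix releases named in the advisory, keyed by (major, minor) branch.
FIXED = {(3, 5): (3, 5, 8), (3, 6): (3, 6, 3), (4, 0): (4, 0, 4)}
# Maven coordinates of the module that ships the Aegis data binding.
AEGIS_ARTIFACT = ("org.apache.cxf", "cxf-rt-databinding-aegis")

def parse_version(text):
    """Return the leading numeric (major, minor, patch) of a version string."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def version_is_affected(text):
    """Compare within the release branch; outside the three fixed branches,
    assume older branches are affected and newer ones are not."""
    v = parse_version(text)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    return branch < (4, 0)

def triage(coordinates):
    """Map each Aegis coordinate in the list to a status string.
    An empty result means the Aegis binding is absent, which the advisory
    describes as not impacted."""
    result = {}
    for coord in coordinates:
        group, artifact, version = coord.split(":")
        if (group, artifact) != AEGIS_ARTIFACT:
            continue
        if not version_is_affected(version):
            result[coord] = "fixed"
        elif "redhat" in version:
            # Vendor builds can carry a backported fix under an older number.
            result[coord] = "check vendor errata"
        else:
            result[coord] = "affected"
    return result

# Constructed sample dependency list (not taken from any real project).
SAMPLE = ["org.apache.cxf:cxf-core:3.5.7",
          "org.apache.cxf:cxf-rt-databinding-aegis:3.5.7"]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Presence of the artifact is necessary but not sufficient: a service is exposed only if it is actually configured to use the Aegis binding, so an "affected" result marks a candidate for review.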
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7. Via RHSA-2024:3559 https://access.redhat.com/errata/RHSA-2024:3559
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9. Via RHSA-2024:3561 https://access.redhat.com/errata/RHSA-2024:3561
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8. Via RHSA-2024:3560 https://access.redhat.com/errata/RHSA-2024:3560
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform. Via RHSA-2024:3563 https://access.redhat.com/errata/RHSA-2024:3563
This issue has been addressed in the following products: Red Hat build of Apache Camel 3.20.6 for Spring Boot. Via RHSA-2024:3708 https://access.redhat.com/errata/RHSA-2024:3708
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform. Via RHSA-2024:5482 https://access.redhat.com/errata/RHSA-2024:5482
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8. Via RHSA-2024:5479 https://access.redhat.com/errata/RHSA-2024:5479
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9. Via RHSA-2024:5481 https://access.redhat.com/errata/RHSA-2024:5481