PT-2022-27480 · Apache · Apache Soap

Tsungshu Chiu · Published 2022-11-14 · Updated 2024-08-03 · CVE-2022-45378

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache SOAP (affected versions not specified)

Description: The default configuration of Apache SOAP includes an RPCRouterServlet that is available without authentication, allowing an attacker to invoke methods on the classpath that meet certain criteria. Depending on the classes available on the classpath, this could lead to arbitrary remote code execution. This issue only affects products that are no longer supported by the maintainer.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication
Improper Authentication
Deserialization of Untrusted Data

Related Identifiers

CVE-2022-45378
GHSA-789V-H9HW-38PG

Affected Products

Apache Soap