Every CVE whose affected-product data names Apache Soap, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-45378 — CVSS 9.8 (critical): In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the…
CVE-2022-40705 — CVSS 7.5 (high): An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read…