Authors: Created by IBM


There is a vulnerability in the Apache CXF library used by IBM WebSphere Application Server Liberty with the jaxws-2.2 feature enabled. This has been addressed.
CVEID: CVE-2022-46364[1]
DESCRIPTION: Apache CXF is vulnerable to server-side request forgery, caused by a flaw in parsing the href attribute of XOP:Include in MTOM requests. By using a specially crafted request, an attacker could exploit this vulnerability to conduct an SSRF attack.
...
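
A defensive check for the flaw described above, added here as an example and not taken from IBM's bulletin or from Apache CXF: the XOP specification requires the href of xop:Include to be a cid: URI naming a MIME part of the same message, so any other value can be rejected or logged before the SOAP stack handles it. The function name and both sample envelopes are constructed for illustration, and the caller is assumed to have already extracted the root XML part from the multipart MTOM request.

```python
import xml.etree.ElementTree as ET

# Qualified name of xop:Include (namespace from the W3C XOP specification).
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"


def out_of_spec_xop_hrefs(soap_xml: str) -> list[str]:
    """Return every xop:Include href that is not a cid: URI (hypothetical helper)."""
    # SOAP messages must not carry a DTD, so refuse one before parsing.
    if "<!DOCTYPE" in soap_xml:
        raise ValueError("DTD not allowed in a SOAP message")
    root = ET.fromstring(soap_xml)
    flagged = []
    for include in root.iter(XOP_INCLUDE):
        href = (include.get("href") or "").strip()
        # A missing or empty href is also out of spec and is reported as "".
        if not href.lower().startswith("cid:"):
            flagged.append(href)
    return flagged


# Constructed sample: href names an attachment inside the same message.
COMPLIANT = """
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <upload><data>
      <xop:Include xmlns:xop="http://www.w3.org/2004/08/xop/include"
                   href="cid:report.bin@example.org"/>
    </data></upload>
  </soap:Body>
</soap:Envelope>
"""

# Constructed sample: href uses a scheme other than cid:, which a gateway
# or servlet filter should reject and log.
OUT_OF_SPEC = COMPLIANT.replace("cid:report.bin@example.org",
                                "http://example.invalid/resource")

if __name__ == "__main__":
    for name, doc in (("compliant", COMPLIANT), ("out-of-spec", OUT_OF_SPEC)):
        print(name, out_of_spec_xop_hrefs(doc))
```

A check like this is a stopgap for request filtering and log review; it does not replace applying the fix referenced in the bulletin.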
